McAfee Total Protection (MTP) privilege escalation vulnerability
CVE-2021-23874

7.8HIGH

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Total Protection (mtp)
Vendor: CVE Published:; 10 February 2021

Badges

👾 Exploit Exists🦅 CISA Reported

What is CVE-2021-23874?

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

CISA has reported CVE-2021-23874

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2021-23874 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

McAfee Total Protection (MTP) Windows < 16.0.30

References

http://service.mcafee.com/FAQDocument.aspx?&id=TS103114

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Nov 3, 2021
🦅
CISA Reported
Nov 3, 2021
Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Jan 12, 2021

Mcafee,llc

Badges

What is CVE-2021-23874?

CISA has reported CVE-2021-23874

Affected Version(s)

References

CVSS V3.1

Timeline