Improper Privilege Management in McAfee Security Scan Plus
CVE-2022-37025

7.8HIGH

Key Information:

Vendor

Mcafee
Status
Security Scan Plus
Vendor
CVE Published:
18 August 2022

What is CVE-2022-37025?

An improper privilege management issue in McAfee Security Scan Plus prior to version 4.1.262.1 allows local users to alter configuration files, potentially enabling them to execute malicious code through Living off the Land (LOLBin) attacks. Due to the absence of integrity checks on the configuration files, unauthorized users may escalate their privileges, thereby compromising system security.

References

https://www.mcafee.com/en-us/antivirus/mcafee-security-sc...
x_refsource_MISC
https://attack.mitre.org/techniques/T1218/
x_refsource_MISC
https://www.mcafee.com/support/?articleId=TS103335&page=s...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.