Vulnerability Details : CVE-2021-23874
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
Vulnerability category: Execute code
CVE-2021-23874 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2021-23874
Added on
2021-11-03
Action due date
2021-11-17
Exploit prediction scoring system (EPSS) score for CVE-2021-23874
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less