CVE-2024-49592

Published Nov 15, 2024

Last updated 3 months ago

CVSS medium 6.7

Overview

Description
Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source
cve@mitre.org
NVD status
Awaiting Analysis
CNA Tags
unsupported-when-assigned

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.7
Impact score
5.9
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-427

Social media

Hype score
Not currently trending

  1. CVE-2024-49592 McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. https://t.co/7J5xLpPWzr

    @CVEnew

    15 Nov 2024

    393 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References