cnvd - cnvd-2022-22271

CNVD-2022-22271

Vulnerability from cnvd - Published: 2022-03-24

Title

Mcafee McAfee Total Protection竞争条件漏洞

Description

Mcafee McAfee Total Protection（MTP）是美国迈克菲（Mcafee）公司的一套防病毒软件。 McAfee Total Protection for Windows 16.0.43之前存在竞争条件漏洞，本地攻击者可利用该漏洞获取权限提升并执行任意文件删除。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://service.mcafee.com/

Reference

https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view

Impacted products

Name
McAfee McAfee Total Protection for Windows <16.0.43

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-0280"
    }
  },
  "description": "Mcafee McAfee Total Protection\uff08MTP\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08Mcafee\uff09\u516c\u53f8\u7684\u4e00\u5957\u9632\u75c5\u6bd2\u8f6f\u4ef6\u3002\n\nMcAfee Total Protection for Windows 16.0.43\u4e4b\u524d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u63d0\u5347\u5e76\u6267\u884c\u4efb\u610f\u6587\u4ef6\u5220\u9664\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://service.mcafee.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-22271",
  "openTime": "2022-03-24",
  "products": {
    "product": "McAfee McAfee Total Protection for Windows \u003c16.0.43"
  },
  "referenceLink": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view",
  "serverity": "\u4f4e",
  "submitTime": "2022-03-14",
  "title": "Mcafee McAfee Total Protection\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e"
}

CVE-2022-0280 (GCVE-0-2022-0280)

Vulnerability from cvelistv5 – Published: 2022-03-10 22:35 – Updated: 2024-08-02 23:25

Title

McAfee Total Protection (MTP) - File Deletion vulnerability

Summary

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

trellix

References

URL

Tags

https://service.mcafee.com/?articleId=TS103271&pa…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	McAfee	McAfee Total Protection for Windows	Affected: unspecified , ≤ 16.0.42 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "McAfee Total Protection for Windows",
          "vendor": "McAfee",
          "versions": [
            {
              "lessThanOrEqual": "16.0.42",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-10T22:35:09",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view"
        }
      ],
      "source": {
        "advisory": "TS103271",
        "discovery": "EXTERNAL"
      },
      "title": "McAfee Total Protection (MTP) - File Deletion vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2022-0280",
          "STATE": "PUBLIC",
          "TITLE": "McAfee Total Protection (MTP) - File Deletion vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Total Protection for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "16.0.42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view",
              "refsource": "MISC",
              "url": "https://service.mcafee.com/?articleId=TS103271\u0026page=shell\u0026shell=article-view"
            }
          ]
        },
        "source": {
          "advisory": "TS103271",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2022-0280",
    "datePublished": "2022-03-10T22:35:09",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-08-02T23:25:40.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-22271

CVE-2022-0280 (GCVE-0-2022-0280)

Tags

Sightings

Nomenclature