CVE-2022-37025

Sažetak

An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file.

Reference

https://www.mcafee.com/support/?articleId=TS103335&page=shell&shell=article-view
https://www.mcafee.com/en-us/antivirus/mcafee-security-scan-plus.html
https://attack.mitre.org/techniques/T1218/

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

19-08-2022 - 15:09

Objavljeno

18-08-2022 - 13:15