CVE-2021-23874
Published 2021-02-10
CVE-2021-23874: Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute…
Priority P2 · 79 · high · 7.8 CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2021-11-17
ITW: Exploited in the wild
EPSS: 1.03% (59.3th percentile)
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | total_protection | < 16.0.30 | 16.0.30 |
| mcafee_llc | mcafee_total_protection | >= unspecified < 16.0.30 | 16.0.30 |
Detection & IOCs
- Vulnerability targets McAfee Total Protection (MTP) prior to version 16.0.30; monitor for privilege escalation activity originating from MTP-related processes, which may indicate exploitation of the self-defense bypass.
- Look for local user processes spawning elevated or unexpected child processes under the MTP process tree, which may indicate abuse of the improper privilege management flaw to bypass self-defense mechanisms.
- Exploitation requires local user access; this is not a remote code execution vulnerability. Detection efforts should focus on endpoint telemetry rather than network-based indicators.
- CISA flagged this as a Known Exploited Vulnerability with a remediation due date of 2021-11-17, indicating confirmed in-the-wild exploitation; prioritize patching MTP to version 16.0.30 or later.
CVSS provenance
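| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 8.2 | HIGH | |
| cisa | | 7.8 | HIGH | |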
GHSA
GHSA-jx9f-q7vh-wf4p: Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16
ghsa_unreviewed·2022-05-24
CVE-2021-23874 [HIGH] CWE-269 GHSA-jx9f-q7vh-wf4p: Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
VulnCheck
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
vulncheck·2021·CVSS 8.2
CVE-2021-23874 [HIGH] CWE-284 McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
Affected: McAfee McAfee Total Protection (MTP)
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2021-11-17
CISA
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2021-23874 [HIGH] CWE-284 McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
Vulnerability: McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
Affected: McAfee McAfee Total Protection (MTP)
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-23874
Remediation Due Date: 2021-11-17
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- 2021-02-10: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild