Mcafee Total Protection vulnerabilities
25 known vulnerabilities affecting mcafee/total_protection.
Total CVEs
25
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH14MEDIUM11
Vulnerabilities
Page 1 of 2
CVE-2021-23874P2HIGHCVSS 7.8KEVfixed in 16.0.302021-02-10
CVE-2021-23874 [HIGH] CWE-269 CVE-2021-23874: Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
nvd
CVE-2020-7283P3HIGHCVSS 8.8fixed in 16.0.r262020-07-03
CVE-2020-7283 [HIGH] CWE-274 CVE-2020-7283: Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local use
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
nvd
CVE-2020-7330P3HIGHCVSS 8.8fixed in 4.0.176.12020-10-14
CVE-2020-7330 [HIGH] CWE-269 CVE-2020-7330: Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables
nvd
CVE-2021-23877P3HIGHCVSS 7.8fixed in 16.0.342021-10-26
CVE-2021-23877 [HIGH] CWE-269 CVE-2021-23877: Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) p
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.
nvd
CVE-2021-23872P3HIGHCVSS 7.8fixed in 16.0.322021-05-12
CVE-2021-23872 [HIGH] CWE-59 CVE-2021-23872: Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.
nvd
CVE-2021-23891P3HIGHCVSS 7.8fixed in 16.0.322021-05-12
CVE-2021-23891 [HIGH] CWE-269 CVE-2021-23891: Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
nvd
CVE-2020-7335P3HIGHCVSS 7.8fixed in 16.0.292020-12-01
CVE-2020-7335 [HIGH] CWE-269 CVE-2020-7335: Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior t
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.
nvd
CVE-2019-3636P3HIGHCVSS 7.8≤ 16.0.r212019-10-28
CVE-2019-3636 [HIGH] CWE-312 CVE-2019-3636: A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Win
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.
nvd
CVE-2019-3617P3HIGHCVSS 8.2fixed in 4.62020-06-10
CVE-2019-3617 [HIGH] CWE-269 CVE-2019-3617: Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files.
nvd
CVE-2021-23876P3HIGHCVSS 7.8fixed in 16.0.302021-02-10
CVE-2021-23876 [HIGH] CWE-269 CVE-2021-23876: Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user t
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.
nvd
CVE-2022-43751P3HIGHCVSS 7.8fixed in 16.0.492022-11-23
CVE-2022-43751 [HIGH] CWE-427 CVE-2022-43751: McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulner
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.
nvd
CVE-2020-7298P3HIGHCVSS 8.4fixed in 16.0.r262020-08-05
CVE-2020-7298 [HIGH] CVE-2020-7298: Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
nvd
CVE-2009-1348P4HIGHCVSS 7.6v20092009-04-30
CVE-2009-1348 [HIGH] CWE-20 CVE-2009-1348: The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShie
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an inva
nvd
CVE-2019-3648P4MEDIUMCVSS 6.7≤ 16.0r222019-11-13
CVE-2019-3648 [MEDIUM] CWE-426 CVE-2019-3648: A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
nvd
CVE-2023-25134P4MEDIUMCVSS 6.7fixed in 16.0.502023-03-21
CVE-2023-25134 [MEDIUM] CVE-2023-25134: McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.
nvd
CVE-2021-23873P4MEDIUMCVSS 6.1fixed in 16.0.302021-02-10
CVE-2021-23873 [MEDIUM] CWE-59 CVE-2021-23873: Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.
nvd
CVE-2019-3593P4HIGHCVSS 7.1fixed in 16.0.r182019-01-28
CVE-2019-3593 [HIGH] CVE-2019-3593: Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection
Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware.
nvd
CVE-2019-3646P4MEDIUMCVSS 6.5≤ 16.0.r182019-09-13
CVE-2019-3646 [MEDIUM] CWE-714 CVE-2019-3646: DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
nvd
CVE-2020-7282P4MEDIUMCVSS 6.3fixed in 16.0.r262020-07-03
CVE-2020-7282 [MEDIUM] CWE-59 CVE-2020-7282: Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local use
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
nvd
CVE-2020-7281P4MEDIUMCVSS 6.3fixed in 16.0.r262020-07-03
CVE-2020-7281 [MEDIUM] CWE-269 CVE-2020-7281: Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local u
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
nvd
1 / 2Next →