Cyber Resilience

CVE-2021-23874

High · CISA KEV · Active Exploitation · EUVD Exploited · LPE

Published: 10 February 2021

Modified: 03 November 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0073 (73.1th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-23874 is a high-severity Improper Privilege Management (CWE-269) vulnerability in McAfee Total Protection. Its CVSS base score is 8.2 (High).

Operationally, it ranks in the top 26.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2021-23874 is an arbitrary process execution vulnerability affecting McAfee Total Protection (MTP) versions prior to 16.0.30. It is associated with CWE-269 and CWE-732 and carries a CVSS 3.1 score of 8.2, reflecting a local attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability under a changed scope.

A local user can exploit the flaw to bypass MTP self-defense mechanisms, obtain elevated privileges, and execute arbitrary code on the affected system.

McAfee has published remediation guidance in FAQ document TS103114, while the presence of the CVE in the CISA Known Exploited Vulnerabilities catalog indicates confirmed real-world exploitation activity.

Vulnerability details

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mcafee · total protection · ≤ 16.0.30

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access restrictions so a local user cannot bypass MTP self-defense to obtain elevated privileges or execute arbitrary code.

prevent

Limits privileges assigned to local users, reducing the ability to exploit the flaw and gain unauthorized elevated rights.

prevent

Requires isolation of security functions such as MTP self-defense mechanisms from untrusted user processes.
