CVE-2021-23874
Published: 10 February 2021
Summary
CVE-2021-23874 is a high-severity Improper Privilege Management (CWE-269) vulnerability in McAfee Total Protection. Its CVSS base score is 8.2 (High).
Operationally, it ranks in the top 26.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2021-23874 is an arbitrary process execution vulnerability affecting McAfee Total Protection (MTP) versions prior to 16.0.30. It is associated with CWE-269 and CWE-732 and carries a CVSS 3.1 score of 8.2, reflecting a local attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability under a changed scope.
A local user can exploit the flaw to bypass MTP self-defense mechanisms, obtain elevated privileges, and execute arbitrary code on the affected system.
McAfee has published remediation guidance in FAQ document TS103114. The presence of the CVE in the CISA Known Exploited Vulnerabilities catalog indicates confirmed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-10800
Vulnerability details
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly enforces access restrictions so a local user cannot bypass MTP self-defense to obtain elevated privileges or execute arbitrary code.
Limits privileges assigned to local users, reducing the ability to exploit the flaw and gain unauthorized elevated rights.
Requires isolation of security functions such as MTP self-defense mechanisms from untrusted user processes.