CVE-2022-1824
Published: 20 June 2022
Summary
CVE-2022-1824 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Mcafee Consumer Product Removal Tool. Its CVSS base score is 7.9 (High).
Operationally, ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-25100
Vulnerability details
An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions…
more
and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.