McAfee Total Protection
By the Year
In 2023 there have been 4 vulnerabilities in McAfee Total Protection with an average score of 5.8 out of ten. Last year Total Protection had 1 security vulnerability published. That is, 3 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 2.00
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 4 | 5.80 |
2022 | 1 | 7.80 |
2021 | 6 | 7.52 |
2020 | 7 | 7.61 |
2019 | 2 | 6.60 |
2018 | 0 | 0.00 |
It may take a day or so for new Total Protection vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent McAfee Total Protection Security Vulnerabilities
McAfee Total Protection prior to 16.0.50 may
CVE-2023-25134
6.7 - Medium
- March 21, 2023
McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys
CVE-2023-24577
5.5 - Medium
- March 13, 2023
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks.
insecure temporary file
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading
CVE-2023-24578
5.5 - Medium
- March 13, 2023
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks.
DLL preloading
McAfee Total Protection prior to 16.0.51
CVE-2023-24579
5.5 - Medium
- March 13, 2023
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory
CVE-2022-43751
7.8 - High
- November 23, 2022
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.
DLL preloading
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may
CVE-2021-23877
7.8 - High
- October 26, 2021
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.
Improper Privilege Management
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32
CVE-2021-23872
7.8 - High
- May 12, 2021
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.
insecure temporary file
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32
CVE-2021-23891
7.8 - High
- May 12, 2021
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
Improper Privilege Management
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30
CVE-2021-23876
7.8 - High
- February 10, 2021
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.
Improper Privilege Management
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30
CVE-2021-23874
7.8 - High
- February 10, 2021
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
Incorrect Permission Assignment for Critical Resource
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30
CVE-2021-23873
6.1 - Medium
- February 10, 2021
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.
insecure temporary file
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29
CVE-2020-7335
7.8 - High
- December 01, 2020
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.
Improper Privilege Management
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1
CVE-2020-7330
8.8 - High
- October 14, 2020
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables
Improper Privilege Management
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files
CVE-2020-7310
6.9 - Medium
- August 21, 2020
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.
Improper Privilege Management
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26
CVE-2020-7298
8.4 - High
- August 05, 2020
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
Improper Input Validation
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26
CVE-2020-7283
8.8 - High
- July 03, 2020
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
Improper Privilege Management
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26
CVE-2020-7282
6.3 - Medium
- July 03, 2020
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
insecure temporary file
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26
CVE-2020-7281
6.3 - Medium
- July 03, 2020
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Improper Privilege Management
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier
CVE-2019-3648
6.7 - Medium
- November 13, 2019
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
Untrusted Path
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier
CVE-2019-3646
6.5 - Medium
- September 13, 2019
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
Untrusted Path
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for McAfee Total Protection or by McAfee? Click the Watch button to subscribe.
