CVE-2022-0280 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2022-0280?

CVE-2022-0280 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-0280?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Total Protection, Microsoft Windows.

Vulnerability Description

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mcafee	Total Protection	< 16.0.43
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-367

References

https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-viewVendor Advisory
https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-viewVendor Advisory

FAQ

What is CVE-2022-0280?

CVE-2022-0280 is a vulnerability with a CVSS score of 7.5 (HIGH). A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary fi...

How severe is CVE-2022-0280?

CVE-2022-0280 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-0280?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Total Protection, Microsoft Windows.