CVE-2022-0280 - OpenCVE

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Total Protection
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2022-03-10T22:35:09

Updated: 2024-08-02T23:25:40.191Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-0280

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-10T23:15:08.270

Modified: 2023-11-16T03:13:04.950

Link: CVE-2022-0280

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee Total Protection for Windows", "vendor": "McAfee", "versions": [{"lessThanOrEqual": "16.0.42", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-10T22:35:09", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view"}], "source": {"advisory": "TS103271", "discovery": "EXTERNAL"}, "title": "McAfee Total Protection (MTP) - File Deletion vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2022-0280", "STATE": "PUBLIC", "TITLE": "McAfee Total Protection (MTP) - File Deletion vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Total Protection for Windows", "version": {"version_data": [{"version_affected": "<=", "version_value": "16.0.42"}]}}]}, "vendor_name": "McAfee"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}]}, "references": {"reference_data": [{"name": "https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view", "refsource": "MISC", "url": "https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view"}]}, "source": {"advisory": "TS103271", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2022-0280", "datePublished": "2022-03-10T22:35:09", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-02T23:25:40.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "187BA86F-4DBE-4534-9021-515829C30CD3", "versionEndExcluding": "16.0.43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de condici\u00f3n de carrera en la funci\u00f3n QuickClean de McAfee Total Protection para Windows versiones anteriores a 16.0.43, que permite a un usuario local alcanzar una elevaci\u00f3n de privilegios y llevar a cabo una eliminaci\u00f3n arbitraria de archivos. Esto podr\u00eda conllevar a una eliminaci\u00f3n de archivos confidenciales y causar potencialmente una denegaci\u00f3n de servicio. Este ataque explota la forma en que son creados los enlaces simb\u00f3licos y c\u00f3mo el producto trabaja con ellos"}], "id": "CVE-2022-0280", "lastModified": "2023-11-16T03:13:04.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 5.8, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2022-03-10T23:15:08.270", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Vendor Advisory"], "url": "https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-367"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}