CVE-2021-23876: McAfee Total Protection (MTP) Bypass Remote Procedure call vulnerability
First published: Wed Feb 10 2021(Updated: )
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Total Protection | <16.0.30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-23876?
CVE-2021-23876 refers to a vulnerability in McAfee Total Protection (MTP) prior to version 16.0.30 that allows a local user to gain elevated privileges and perform arbitrary file modification.
What is the severity of CVE-2021-23876?
The severity of CVE-2021-23876 is rated as high (7.8).
How does CVE-2021-23876 impact McAfee Total Protection?
CVE-2021-23876 allows a local user to bypass remote procedure call in McAfee Total Protection, gain elevated privileges, and potentially cause denial of service by executing carefully constructed malware.
Which versions of McAfee Total Protection are affected by CVE-2021-23876?
McAfee Total Protection versions prior to 16.0.30 are affected by CVE-2021-23876.
How can I fix CVE-2021-23876 in McAfee Total Protection?
To fix CVE-2021-23876, users should update McAfee Total Protection to version 16.0.30 or later.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/mcafee
- canonical/mcafee total protection