CVE-2022-37025
First published: Thu Aug 18 2022(Updated: )
An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Security Scan Plus | <4.1.262.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-37025?
CVE-2022-37025 is an improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before version 4.1.262.1.
How does CVE-2022-37025 impact McAfee Security Scan Plus?
CVE-2022-37025 allows a local user to modify a configuration file and perform a Living off the Land Binary (LOLBin) attack, potentially gaining elevated permissions and executing arbitrary code.
What is the severity of CVE-2022-37025?
CVE-2022-37025 has a severity rating of 7.8 (high).
How can I fix CVE-2022-37025?
To fix CVE-2022-37025, users should update their McAfee Security Scan Plus to version 4.1.262.1 or later.
Where can I find more information about CVE-2022-37025?
You can find more information about CVE-2022-37025 on the MITRE ATT&CK website and the McAfee Security Scan Plus support page.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee security scan plus