PT-2022-2271 · Mcafee · Mcafee Web Advisor

Published

2022-03-07

Updated

2022-05-10

CVE-2022-0815

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions McAfee WebAdvisor versions up to 8.1.0.1895

Description The issue is related to improper access control in the McAfee WebAdvisor Chrome and Edge browser extensions. This could allow a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system, leading to unexpected behaviors such as settings being changed, fingerprinting of the system, and targeted scams. The attacker could also prevent malicious software from being detected if McAfee software is present.

Recommendations For versions up to 8.1.0.1895, update to a version later than 8.1.0.1895 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Fix

Improper Access Control

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-668

Related Identifiers

BDU:2022-02381

CVE-2022-0815

Affected Products

Mcafee Web Advisor

PT-2022-2271 · Mcafee · Mcafee Web Advisor

CVE-2022-0815

Weakness Enumeration

Related Identifiers

Affected Products

References · 7