PT-2022-4406 · McAfee · McAfee Security Scan Plus
Published: 2022-08-15 · Updated: 2022-08-19 · CVE-2022-37025
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
McAfee Security Scan Plus versions prior to 4.1.262.1
Description
The issue is improper privilege management that could allow a local user to modify a configuration file. Because the configuration file is not integrity-checked, this modification can lead to a Living off the Land (LOLBin) attack in which the user gains elevated permissions and is able to execute arbitrary code.
Recommendations
For versions prior to 4.1.262.1, update to version 4.1.262.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to prevent modification until a patch is applied.
Fix
Improper Privilege Management
Related Identifiers
Affected Products
McAfee Security Scan Plus