PT-2023-4542 · McAfee · McAfee Safe Connect

Published: 2023-08-17 · Updated: 2023-08-25 · CVE-2023-40352

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: McAfee Safe Connect versions prior to 2.16.1.126

Description: The issue is related to an uncontrolled search path element, which may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. This can be exploited by a local attacker to escalate privileges on affected installations of McAfee Safe Connect VPN. An attacker must first obtain the ability to execute system-level commands.

Recommendations: For versions prior to 2.16.1.126, update to version 2.16.1.126 or later to resolve the issue. As a temporary workaround, consider restricting the loading of arbitrary DLLs to minimize the risk of exploitation.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

BDU:2023-04947
CVE-2023-40352
ZDI-23-1158

Affected Products

McAfee Safe Connect