CVE-2022-0815

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.

CVSS v3 7.3 HIGH
CVSS v2.0 7.5 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view

Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:webadvisor:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:41

Type	Values Removed	Values Added
References	~~(MISC) https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view - Vendor Advisory~~	() https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view -
CWE	~~CWE-668~~

18 Mar 2022, 17:34

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 7.3
References	~~(MISC) https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view -~~	(MISC) https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view - Vendor Advisory
CWE	~~CWE-284~~	CWE-668
CPE		cpe:2.3:a:mcafee:webadvisor::::::::
First Time		Mcafee Mcafee webadvisor

10 Mar 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-10 23:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-0815

Mitre link : CVE-2022-0815

CVE.ORG link : CVE-2022-0815

JSON object : View

Products Affected

mcafee

webadvisor

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2022-0815", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2022-03-10T23:15:08.500", "references": [{"url": "https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view", "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user\u2019s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inapropiada en las extensiones del navegador McAfee WebAdvisor Chrome y Edge versiones hasta 8.1.0.1895, permite a un atacante remoto acceder a la configuraci\u00f3n de McAfee WebAdvisor y a otros detalles del sistema del usuario. Esto podr\u00eda conllevar a comportamientos no esperados, como el cambio de la configuraci\u00f3n, la toma de huellas dactilares del sistema, conllevando a una realizaci\u00f3n de estafas selectivas, y no desencadenando el software malicioso si es detectado el software de McAfee"}], "lastModified": "2023-11-07T03:41:34.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:webadvisor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E91D9FD-4237-4EB5-ABE9-DA9A9FC2F4C3", "versionEndIncluding": "8.1.0.1895"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}