CVE-2022-0815 - Vulnerability Details - OpenCVE

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Webadvisor

Configuration 1 [-]

cpe:2.3:a:mcafee:webadvisor:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2022-03-10T22:30:11

Updated: 2024-08-02T23:40:04.354Z

Reserved: 2022-03-01T00:00:00

Link: CVE-2022-0815

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-10T23:15:08.500

Modified: 2024-11-21T06:39:27.250

Link: CVE-2022-0815

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee WebAdvisor", "vendor": "McAfee", "versions": [{"lessThanOrEqual": "8.1.0.1895", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user\u2019s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-10T22:30:11", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view"}], "source": {"advisory": "TS103273", "discovery": "EXTERNAL"}, "title": "McAfee WebAdvisor - Extension Fingerprinting vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2022-0815", "STATE": "PUBLIC", "TITLE": "McAfee WebAdvisor - Extension Fingerprinting vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee WebAdvisor", "version": {"version_data": [{"version_affected": "<=", "version_value": "8.1.0.1895"}]}}]}, "vendor_name": "McAfee"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user\u2019s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668: Exposure of Resource to Wrong Sphere"}]}]}, "references": {"reference_data": [{"name": "https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view", "refsource": "MISC", "url": "https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view"}]}, "source": {"advisory": "TS103273", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:40:04.354Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2022-0815", "datePublished": "2022-03-10T22:30:11", "dateReserved": "2022-03-01T00:00:00", "dateUpdated": "2024-08-02T23:40:04.354Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:webadvisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E91D9FD-4237-4EB5-ABE9-DA9A9FC2F4C3", "versionEndIncluding": "8.1.0.1895", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user\u2019s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inapropiada en las extensiones del navegador McAfee WebAdvisor Chrome y Edge versiones hasta 8.1.0.1895, permite a un atacante remoto acceder a la configuraci\u00f3n de McAfee WebAdvisor y a otros detalles del sistema del usuario. Esto podr\u00eda conllevar a comportamientos no esperados, como el cambio de la configuraci\u00f3n, la toma de huellas dactilares del sistema, conllevando a una realizaci\u00f3n de estafas selectivas, y no desencadenando el software malicioso si es detectado el software de McAfee"}], "id": "CVE-2022-0815", "lastModified": "2024-11-21T06:39:27.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T23:15:08.500", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://service.mcafee.com/?articleId=TS103273&page=shell&shell=article-view"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}