CVE-2022-0815 MEDIUM

CVE-2022-0815: McAfee WebAdvisor - Extension Fingerprinting vulnerability

Vendor Mcafee
Product McAfee WebAdvisor
Weakness CWE-668
Published March 10, 2022
Last update August 2, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.

Key dates

02Disclosure timeline

March 10, 2022 CVE published
August 2, 2024 Record updated