CVE-2021-23880

CWE-269Improper Privilege Management3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 84.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Endpoint Security (ens) FOR WindowsMcafee Endpoint Security
Timeline
PublishedFeb 10
Latest updateMay 24

Description

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee_llc/endpoint_security_(ens)_for_windows10.7.x10.7.0 February 2021

🔴Vulnerability Details

2
GHSA
GHSA-423w-5759-v9fv: Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 102022-05-24
CVEList
Improper Access Control in the ENS installer2021-02-10
CVE-2021-23880 (MEDIUM CVSS 4.4) | Improper Access Control in attribut | cvebase.io