CVE-2021-23882

CWE-269Improper Privilege Management3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 85.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Endpoint Security (ens) FOR WindowsMcafee Endpoint Security
Timeline
PublishedFeb 10
Latest updateMay 24

Description

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5mcafee_llc/endpoint_security_(ens)_for_windows10.7.x10.7.0 February 2021

🔴Vulnerability Details

2
GHSA
GHSA-x6wv-qc8f-w4r2: Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 102022-05-24
CVEList
Improper Access Control in the ENS installer2021-02-10
CVE-2021-23882 (MEDIUM CVSS 4.4) | Improper Access Control vulnerabili | cvebase.io