CVE-2021-23885Improper Privilege Management in LLC Mcafee WEB Gateway

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
CNA9.0
EPSS
0.9%
top 23.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee WEB GatewayMcafee WEB Gateway
Timeline
PublishedFeb 17
Latest updateMay 24

Description

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDmcafee/web_gateway9.29.2.8+2
CVEListV5mcafee_llc/mcafee_web_gatewayunspecified9.2.8

🔴Vulnerability Details

2
GHSA
GHSA-286x-xfxm-75r6: Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 92022-05-24
CVEList
Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI2021-02-17
CVE-2021-23885 — Improper Privilege Management | cvebase