CVE-2021-31843

CWE-59CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 90.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee,llc Mcafee Endpoint Security (ens) FOR WindowsMcafee Endpoint Security
Timeline
PublishedSep 17
Latest updateMay 24

Description

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee,llc/mcafee_endpoint_security_(ens)_for_windowsunspecified10.7.0 September 2021 Update
NVDmcafee/endpoint_security< 10.7.0+1

🔴Vulnerability Details

2
GHSA
GHSA-5r8p-h2wh-wvq8: Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 102022-05-24
CVEList
Improper access control vulnerability in McAfee ENS for Windows2021-09-17
CVE-2021-31843 (HIGH CVSS 7.8) | Improper privileges management vuln | cvebase.io