vulnerability

McAfee Agent: CVE-2021-31840: Mcafee agent for windows update fixes two vulnerabilities (SB10362)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:S/C:C/I:C/A:C)	Jul 29, 2021	Jul 29, 2021	Jan 28, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

Jul 29, 2021

Added

Jul 29, 2021

Modified

Jan 28, 2025

Description

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code.

Solution

mcafee-agent-upgrade-5-7-3-245

References

CVE-2021-31840
https://attackerkb.com/topics/CVE-2021-31840
MCAFEE-SB10362

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today