vulnerability
McAfee Agent: CVE-2021-31847: Mcafee agent for windows update fixes three vulnerabilities (SB10369)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Sep 22, 2021 | Mar 7, 2022 | Mar 7, 2022 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Sep 22, 2021
Added
Mar 7, 2022
Modified
Mar 7, 2022
Description
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.
Solution
mcafee-agent-upgrade-5-7-4

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.