vulnerability

McAfee Agent: CVE-2021-31847: Mcafee agent for windows update fixes three vulnerabilities (SB10369)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Sep 22, 2021	Mar 7, 2022	Mar 7, 2022

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Sep 22, 2021

Added

Mar 7, 2022

Modified

Mar 7, 2022

Description

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

Solution

mcafee-agent-upgrade-5-7-4

References

CVE-2021-31847
https://attackerkb.com/topics/CVE-2021-31847
MCAFEE-SB10369

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today