vulnerability

McAfee Agent: CVE-2021-31847: Mcafee agent for windows update fixes three vulnerabilities (SB10369)

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Sep 22, 2021
Added
Mar 7, 2022
Modified
Mar 7, 2022

Description

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

Solution

mcafee-agent-upgrade-5-7-4
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.