CVE-2021-23883 MEDIUM

CVE-2021-23883: Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS)

Vendor Mcafee Llc
Product Endpoint Security (ENS) for Windows
Weakness CWE-476
Published February 10, 2021
Last update September 17, 2024

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update.

Key dates

02Disclosure timeline

February 10, 2021 CVE published
September 17, 2024 Record updated