CVE-2021-31841 HIGH

CVE-2021-31841: DLL side loading vulnerability in MA for Windows

Vendor Mcafee,Llc
Product McAfee Agent for Windows
Weakness CWE-426
Published September 22, 2021
Last update August 3, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.

Key dates

02Disclosure timeline

September 22, 2021 CVE published
August 3, 2024 Record updated