CVE-2021-31843 HIGH

CVE-2021-31843: Improper access control vulnerability in McAfee ENS for Windows

Vendor Mcafee,Llc
Product McAfee Endpoint Security (ENS) for WIndows
Weakness CWE-59
Published September 17, 2021
Last update August 3, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.

Key dates

02Disclosure timeline

September 17, 2021 CVE published
August 3, 2024 Record updated