CVE-2021-31847 HIGH

CVE-2021-31847: Improper privilege management in repair process of MA for Windows

Vendor McAfee, LLC
Product McAfee Agent for Windows
Weakness CWE-269
Published September 22, 2021
Last update August 3, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

An improper access control vulnerability in the repair process of McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. The repair process does not correctly protect a temporary directory it uses and does not check the DLL signature, which would result in elevation of privileges and the ability to execute arbitrary code as the system user.

Key dates

02 Disclosure timeline

September 22, 2021 CVE published
August 3, 2024 Record updated