CVE-2021-23882
Last modified
CVE-2021-23882 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Endpoint Security | < 10.7.0 |
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10345Broken Link, Vendor Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10345Broken Link, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-23882?
How severe is CVE-2021-23882?
How do I fix CVE-2021-23882?
Are you affected by CVE-2021-23882?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST