Strix
26.1K

CVE-2021-31833

HIGHCVSS 7.8/10EPSS 0.25%

Last modified

CVE-2021-31833 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.25%

16.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
McafeeApplication And Change Control< 8.3.4

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-31833?
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.
How severe is CVE-2021-31833?
CVE-2021-31833 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.
How do I fix CVE-2021-31833?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-31833?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST