CVE-2021-31845
Last modified
CVE-2021-31845 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.. EPSS estimates a 1.08% chance of exploitation in the next 30 days.
Description
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Data Loss Prevention Discover | < 11.6.100 |
| Mcafee | Data Loss Prevention Discover | >= 11.7.0, < 11.7.100 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-31845?
How severe is CVE-2021-31845?
How do I fix CVE-2021-31845?
Are you affected by CVE-2021-31845?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST