Vulnerability Description
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Agent | < 5.7.4 |
Related Weaknesses (CWE)
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10369Broken Link
- https://www.zerodayinitiative.com/advisories/ZDI-21-1104/Third Party AdvisoryVDB Entry
- https://kc.mcafee.com/corporate/index?page=content&id=SB10369Broken Link
- https://www.zerodayinitiative.com/advisories/ZDI-21-1104/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-31847?
CVE-2021-31847 is a vulnerability with a CVSS score of 8.2 (HIGH). Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would ...
How severe is CVE-2021-31847?
CVE-2021-31847 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31847?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Agent.