7.8
CVE-2021-31843
- EPSS 0.1%
- Veröffentlicht 17.09.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:06:20
- Quelle trellixpsirt@trellix.com
- Teams Watchlist Login
- Unerledigt Login
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcafee ≫ Endpoint Security SwPlatformwindows Version < 10.7.0
Mcafee ≫ Endpoint Security Version10.7.0 Update- SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updateapril_2020 SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updateapril_2021 SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updatefebruary_2020 SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updatefebruary_2021 SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updatejuly_2020 SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updatejune_2021 SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updatenovember_2020 SwPlatformwindows
Mcafee ≫ Endpoint Security Version10.7.0 Updateseptember_2020 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.25 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| trellixpsirt@trellix.com | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.