cvelist | Trellix | CVELIST:CVE-2021-31840
Jun 10, 2021 - 4:20 p.m.

CVE-2021-31840 DLL preload vulnerability in McAfee Agent for Windows

2021-06-10 16:20:12
CWE-427
trellix
www.cve.org
vulnerability
preloading mechanism
dynamic link libraries
mcafee agent
windows
authenticated attacker
local
dll preloading attack
unsigned dlls
credentials
elevated permissions
arbitrary code

CVSS3: 7.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "McAfee Agent for Windows",
    "vendor": "McAfee,LLC",
    "versions": [
      {
        "lessThan": "5.7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
