CVE-2021-31839 – Incorrect permissions on McAfee Agent for Windows event folder
https://notcve.org/view.php?id=CVE-2021-31839
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. Una vulnerabilidad de gestión de privilegios inapropiada en McAfee Agent para Windows anterior a versión 5.7.3 permite a un usuario local modificar la información de eventos en la carpeta de eventos de MA. Esto permite a un usuario local añadir eventos falsos o eliminar eventos de los registros de eventos antes de que se envíen al servidor de ePO • https://kc.mcafee.com/corporate/index?page=content&id=SB10362 • CWE-269: Improper Privilege Management •
CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 https://kc.mc • CWE-295: Improper Certificate Validation •
CVE-2021-1257 – Cisco DNA Center Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2021-1257
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. • https://kc.mcafee.com/corporate/index?page=content&id=SB10382 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-csrf-dC83cMcV • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-7343 – Improper Authorization vulnerability in MA
https://notcve.org/view.php?id=CVE-2020-7343
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files. Una vulnerabilidad de falta de Autorización en McAfee Agent (MA) para Windows versiones anteriores a 5.7.1, permite a usuarios locales bloquear las actualizaciones de productos de McAfee al manipular un directorio usado por MA para archivos temporales. El producto seguiría funcionando con archivos de detección desactualizados • https://kc.mcafee.com/corporate/index?page=content&id=SB10343 • CWE-862: Missing Authorization •
CVE-2021-1258 – Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2021-1258
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. • https://kc.mcafee.com/corporate/index?page=content&id=SB10382 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-fileread-PbHbgHMj • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •