CVE-2021-23882
Improper Access Control in the ENS installer
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.
Una vulnerabilidad de Control de Acceso Inapropiado en McAfee Endpoint Security (ENS) para Windows versiones anteriores a 10.7.0 actualización de Febrero de 2021, permite a administradores locales impedir la instalación de algunos archivos ENS al colocar archivos cuidadosamente diseñados donde será instalado ENS. Esto solo se aplica a instalaciones limpias de ENS, ya que las reglas de Control de Acceso impedirán modificaciones antes de llevar a cabo una actualización
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-12 CVE Reserved
- 2021-02-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10345 | 2023-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | < 10.7.0 Search vendor "Mcafee" for product "Endpoint Security" and version " < 10.7.0" | windows |
Affected
| ||||||