CVE-2021-23892
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
Al explotar una condición de carrera de tiempo de verificación a tiempo de uso (TOCTOU) durante el proceso de instalación de Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW), un usuario local puede llevar a cabo un ataque de escalada de privilegios para alcanzar privilegios de administrador para el propósito de ejecutar código arbitrario a través del uso no seguro de ubicaciones predecibles de archivos temporales
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-12 CVE Reserved
- 2021-05-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10355 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mcafee Search vendor "Mcafee" | Endpoint Security For Linux Threat Prevention Search vendor "Mcafee" for product "Endpoint Security For Linux Threat Prevention" | >= 10.5.0 < 10.7.5 Search vendor "Mcafee" for product "Endpoint Security For Linux Threat Prevention" and version " >= 10.5.0 < 10.7.5" | linux |
Affected
|