// For flags

CVE-2021-23893

Privilege Escalation vulnerability in McAfee Drive Encryption (MDE)

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.

Una vulnerabilidad de escalada de privilegios en un controlador de sistema de Windows de McAfee Drive Encryption (DE) versiones anteriores a 7.3.0, podría permitir a un usuario local no administrador alcanzar privilegios elevados del sistema por medio de una explotación de un búfer de memoria no utilizado

*Credits: Balazs Bucsay (@xoreipeip), Principal Security Consultant from NCC Group
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-12 CVE Reserved
  • 2021-10-01 CVE Published
  • 2023-04-24 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
References (1)
URL Tag Source
https://kc.mcafee.com/corporate/index?page=content&id=SB10361 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mcafee
Search vendor "Mcafee"
 Drive Encryption
Search vendor "Mcafee" for product "Drive Encryption"
 < 7.3.0
Search vendor "Mcafee" for product "Drive Encryption" and version " < 7.3.0"
-
Affected
Mcafee
Search vendor "Mcafee"
 Drive Encryption
Search vendor "Mcafee" for product "Drive Encryption"
 7.3.0
Search vendor "Mcafee" for product "Drive Encryption" and version "7.3.0"
-
Affected