CVE-2021-31841
DLL side loading vulnerability in MA for Windows
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.
Una vulnerabilidad de carga lateral de DLL en McAfee Agent for Windows versiones anteriores a 5.7.4, podría permitir a un usuario local llevar a cabo un ataque de carga lateral de DLL con una DLL no firmada con un nombre específico y en una ubicación concreta. Esto haría que el usuario obtuviera permisos elevados y la capacidad de ejecutar código arbitrario como usuario del sistema, al no comprobar la firma de la DLL
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-27 CVE Reserved
- 2021-09-22 CVE Published
- 2023-11-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
- CWE-426: Untrusted Search Path
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10369 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Mcafee Agent Search vendor "Mcafee" for product "Mcafee Agent" | < 5.7.4 Search vendor "Mcafee" for product "Mcafee Agent" and version " < 5.7.4" | windows |
Affected
| ||||||