23rd October 2021

McAfee Endpoint Security Agent Vulnerability – CVE-2021-31836, CVE-2021-31841, CVE-2021-31847

A security vulnerability has been identified in the McAfee Endpoint Security service, a comprehensive security management solution developed to automatically identify and block threats, allowing threat actors to elevate their privileges on Windows systems. The vulnerability, code CVE-2021-31847, allows local threat actors to elevate privileges on affected McAfee Endpoint Security installations. However, in order for threat actors to exploit this vulnerability, they must first acquire the ability to execute low-privileged code on the target system. The vulnerability is present in the installer and is caused by incorrect permissions set on a resource used by the installer. Threat actors can exploit this vulnerability to escalate privileges and execute arbitrary code in the SYSTEM context.

Affected Systems

All systems with McAfee Agent installed on Windows.

Solution and CVE/CWE

The vulnerability, which is considered to be of high criticality, has been fixed with the updates published by McAfee. We recommend that users using vulnerable Endpoint Security versions apply the released updates immediately. Download Mcafee agent’s EXTENSION and Package from Mcafee’s website below. Upload it to the ePO server. Make the agent distribution, which is the new version 5.7.4. You can get detailed information from the link below.

https://kc.mcafee.com/corporate/index?page=content&id=SB10369

CVE/CWE: CVE-2021-31836, CVE-2021-31841, CVE-2021-31847

Package from Mcafee
EXTENSION from Mcafee
EXTENSION from Mcafee

 

Note: Those with a CVSS 3.1 score of 7.0-8.9 out of 10 are considered “high”, and those with 9.0-10.0 are considered “critical” vulnerabilities.

Reference:

https://kc.mcafee.com/corporate/index?page=content&id=SB10369

 

LEARN MORE  What is Evidence in Mcafee DLP? Evidence File Path Access Error and Solution

Leave a Reply

Your email address will not be published. Required fields are marked *