CVE-2021-31841

Published: Sep 22, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.

Affected (1)

Products: Mcafee: Mcafee Agent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Mcafee Agent	Before 5.7.4

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10369

Source: trellixpsirt@trellix.com

Broken Link

https://kc.mcafee.com/corporate/index?page=content&id=SB10369

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.