CVE-2021-31843

Published: Sep 17, 2021Modified: Feb 24, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.

Affected (10)

Products: Mcafee: Endpoint Security

Mcafee

1 product

Endpoint Security

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Mcafee Endpoint Security	Before 10.7.0
Mcafee Endpoint Security	Version 10.7.0
Mcafee Endpoint Security	Version 10.7.0 april_2020
Mcafee Endpoint Security	Version 10.7.0 april_2021
Mcafee Endpoint Security	Version 10.7.0 february_2020
Mcafee Endpoint Security	Version 10.7.0 february_2021
Mcafee Endpoint Security	Version 10.7.0 july_2020
Mcafee Endpoint Security	Version 10.7.0 june_2021
Mcafee Endpoint Security	Version 10.7.0 november_2020
Mcafee Endpoint Security	Version 10.7.0 september_2020

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10367

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10367

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.