CVE-2021-23885: Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI
First published: Wed Feb 17 2021(Updated: )
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Web Gateway | <8.2.17 | |
| McAfee Web Gateway | >=9.2<9.2.8 | |
| McAfee Web Gateway | >=10.0<10.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-23885?
CVE-2021-23885 is a privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to version 9.2.8.
How does CVE-2021-23885 allow an attacker to gain elevated privileges?
CVE-2021-23885 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.
Which versions of McAfee Web Gateway are affected by CVE-2021-23885?
McAfee Web Gateway versions prior to 9.2.8 are affected by CVE-2021-23885.
What is the severity of CVE-2021-23885?
CVE-2021-23885 has a severity rating of 8.8 (Critical).
How can I fix CVE-2021-23885?
To fix CVE-2021-23885, users should update McAfee Web Gateway to version 9.2.8 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/mcafee
- canonical/mcafee web gateway
- version/mcafee web gateway/9.2
- version/mcafee web gateway/10.0