What is the severity of CVE-2021-31845?

The severity of CVE-2021-31845 is rated as high with a CVSS score of 7.3.

How does CVE-2021-31845 work?

CVE-2021-31845 allows an attacker in the same network as the DLP Discover to execute arbitrary code by placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan them.

What software is affected by CVE-2021-31845?

The vulnerability affects McAfee Data Loss Prevention (DLP) Discover versions prior to 11.6.100.

How can I fix CVE-2021-31845?

To fix CVE-2021-31845, users should update McAfee Data Loss Prevention (DLP) Discover to version 11.6.100 or higher.

Vulnerability/
CVE-2021-31845

high

8.4

CWE

120 119

17/9/2021

3/8/2024

CVE-2021-31845: Remote Code Execution in McAfee DLP Discover

Q: What is CVE-2021-31845?

CVE-2021-31845 is a buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to version 11.6.100.

First published: Fri Sep 17 2021(Updated: )

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Credit: psirt@mcafee.com trellixpsirt@trellix.com

Affected Software	Affected Version	How to fix
Mcafee Data Loss Prevention Discover	<11.6.100
Mcafee Data Loss Prevention Discover	>=11.7.0<11.7.100

Remedy

https://kc.mcafee.com/corporate/index?page=content&id=SB10368

Never miss a vulnerability like this again

Reference Links

https://kc.mcafee.com/corporate/index?page=content&id=SB10368

Frequently Asked Questions

What is CVE-2021-31845?
CVE-2021-31845 is a buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to version 11.6.100.
What is the severity of CVE-2021-31845?
The severity of CVE-2021-31845 is rated as high with a CVSS score of 7.3.
How does CVE-2021-31845 work?
CVE-2021-31845 allows an attacker in the same network as the DLP Discover to execute arbitrary code by placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan them.
What software is affected by CVE-2021-31845?
The vulnerability affects McAfee Data Loss Prevention (DLP) Discover versions prior to 11.6.100.
How can I fix CVE-2021-31845?
To fix CVE-2021-31845, users should update McAfee Data Loss Prevention (DLP) Discover to version 11.6.100 or higher.

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/last-modified-date
agent/title
agent/remedy
agent/tags
agent/event
agent/first-publish-date
agent/description
vendor/mcafee
canonical/mcafee data loss prevention discover
version/mcafee data loss prevention discover/11.7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.