What is the severity of CVE-2021-31847?

The severity of CVE-2021-31847 is high with a severity value of 7.8.

How can an attacker exploit CVE-2021-31847?

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit CVE-2021-31847.

What versions of McAfee Endpoint Security are affected by CVE-2021-31847?

McAfee Endpoint Security versions up to and excluding 5.7.4 are affected by CVE-2021-31847.

How can I fix CVE-2021-31847?

Update McAfee Endpoint Security to a version higher than 5.7.4 to fix CVE-2021-31847.

Vulnerability/
CVE-2021-31847

high

8.2

CWE

269 347 427

22/9/2021

3/8/2024

CVE-2021-31847: McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability

Q: Where can I find more information about CVE-2021-31847?

You can find more information about CVE-2021-31847 in the following references: [McAfee Knowledge Center](https://kc.mcafee.com/corporate/index?page=content&id=SB10369) and [Zero Day Initiative Advisories](https://www.zerodayinitiative.com/advisories/ZDI-21-1104/).

First published: Wed Sep 22 2021(Updated: )

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

Credit: psirt@mcafee.com trellixpsirt@trellix.com

Affected Software	Affected Version	How to fix
Mcafee Mcafee Agent	<5.7.4
Mcafee Endpoint Security
Mcafee Agent	<5.7.4

Remedy

https://kc.mcafee.com/corporate/index?page=content&id=SB10369

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-31847?
The severity of CVE-2021-31847 is high with a severity value of 7.8.
How can an attacker exploit CVE-2021-31847?
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit CVE-2021-31847.
What versions of McAfee Endpoint Security are affected by CVE-2021-31847?
McAfee Endpoint Security versions up to and excluding 5.7.4 are affected by CVE-2021-31847.
How can I fix CVE-2021-31847?
Update McAfee Endpoint Security to a version higher than 5.7.4 to fix CVE-2021-31847.
Where can I find more information about CVE-2021-31847?
You can find more information about CVE-2021-31847 in the following references: [McAfee Knowledge Center](https://kc.mcafee.com/corporate/index?page=content&id=SB10369) and [Zero Day Initiative Advisories](https://www.zerodayinitiative.com/advisories/ZDI-21-1104/).

collector/nvd-index
collector/nvd-api
agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/title
agent/remedy
agent/tags
agent/event
agent/first-publish-date
agent/description
collector/zdi-advisory
source/ZDI
alias/ZDI-21-1104
alias/ZDI-CAN-13800
alias/CVE-2021-31847
agent/software-canonical-lookup
vendor/mcafee
canonical/mcafee mcafee agent
canonical/mcafee agent
canonical/mcafee endpoint security

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.