← volver
CVE-2021-31840

DLL preload vulnerability in McAfee Agent for Windows

CVSS 7.3 HIGHEPSS 0.3%CWE-427
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 jun 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Productos afectados
McAfee,LLC · McAfee Agent for Windows

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://kc.mcafee.com/corporate/index?page=content&id=SB10362