← voltar
CVE-2021-31840

DLL preload vulnerability in McAfee Agent for Windows

CVSS 7.3 HIGHEPSS 0.3%CWE-427
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 jun 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
McAfee,LLC · McAfee Agent for Windows

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://kc.mcafee.com/corporate/index?page=content&id=SB10362