Improper Access Control in the ENS installer
CVE-2021-23880

6.7MEDIUM

Key Information:

Vendor: Mcafee Llc
Status: Endpoint Security (ens) For Windows
Vendor: CVE Published:; 10 February 2021

What is CVE-2021-23880?

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

Affected Version(s)

Endpoint Security (ENS) for Windows 10.7.x < 10.7.0 February 2021

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Jan 12, 2021

Mcafee Llc

What is CVE-2021-23880?

Affected Version(s)

References

CVSS V3.1

Timeline