Improper Access Control in the ENS installer
CVE-2021-23880

6.7MEDIUM

Key Information:

Vendor

Mcafee Llc

Vendor
CVE Published:
10 February 2021

What is CVE-2021-23880?

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

Affected Version(s)

Endpoint Security (ENS) for Windows 10.7.x < 10.7.0 February 2021

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.