Improper Access Control in the ENS installer
CVE-2021-23882

8.2HIGH

Key Information:

Vendor: Mcafee Llc
Status: Endpoint Security (ens) For Windows
Vendor: CVE Published:; 10 February 2021

Summary

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.

Affected Version(s)

Endpoint Security (ENS) for Windows 10.7.x < 10.7.0 February 2021

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Jan 12, 2021