Privilege Escalation Vulnerability in McAfee Endpoint Security for Linux
CVE-2021-23892

8.2HIGH

Key Information:

Vendor
Mcafee,llc
Status
Mcafee Endpoint Security (ens) For Linux
Vendor
CVE Published:
12 May 2021

Summary

A local user can exploit a time of check to time of use (TOCTOU) race condition during the installation of McAfee Endpoint Security for Linux Threat Prevention and Firewall. This weakness allows unauthorized users to gain administrator privileges, enabling them to execute arbitrary code by taking advantage of predictable temporary file locations that are insecurely handled during the installation process.

Affected Version(s)

McAfee Endpoint Security (ENS) for Linux Linux < 10.7.5

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.