Privilege Escalation Vulnerability in McAfee Endpoint Security for Linux
CVE-2021-23892
8.2HIGH
Key Information:
- Vendor
- Mcafee,llc
- Status
- Mcafee Endpoint Security (ens) For Linux
- Vendor
- CVE Published:
- 12 May 2021
Summary
A local user can exploit a time of check to time of use (TOCTOU) race condition during the installation of McAfee Endpoint Security for Linux Threat Prevention and Firewall. This weakness allows unauthorized users to gain administrator privileges, enabling them to execute arbitrary code by taking advantage of predictable temporary file locations that are insecurely handled during the installation process.
Affected Version(s)
McAfee Endpoint Security (ENS) for Linux Linux < 10.7.5
References
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved