Privilege Escalation Vulnerability in McAfee Endpoint Security for Linux
CVE-2021-23892
8.2HIGH
What is CVE-2021-23892?
A local user can exploit a time of check to time of use (TOCTOU) race condition during the installation of McAfee Endpoint Security for Linux Threat Prevention and Firewall. This weakness allows unauthorized users to gain administrator privileges, enabling them to execute arbitrary code by taking advantage of predictable temporary file locations that are insecurely handled during the installation process.
Affected Version(s)
McAfee Endpoint Security (ENS) for Linux Linux < 10.7.5