Privilege Escalation Vulnerability in McAfee Endpoint Security for Linux
CVE-2021-23892

8.2HIGH

Key Information:

Vendor

Mcafee,llc

Vendor
CVE Published:
12 May 2021

What is CVE-2021-23892?

A local user can exploit a time of check to time of use (TOCTOU) race condition during the installation of McAfee Endpoint Security for Linux Threat Prevention and Firewall. This weakness allows unauthorized users to gain administrator privileges, enabling them to execute arbitrary code by taking advantage of predictable temporary file locations that are insecurely handled during the installation process.

Affected Version(s)

McAfee Endpoint Security (ENS) for Linux Linux < 10.7.5

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-23892 : Privilege Escalation Vulnerability in McAfee Endpoint Security for Linux