Security Bypass Vulnerability in McAfee Application and Change Control
CVE-2021-31833

7.1HIGH

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Application And Change Control (macc)
Vendor: CVE Published:; 4 January 2022

Summary

A security bypass vulnerability exists in McAfee Application and Change Control (MACC) which may allow a locally logged-in attacker to circumvent built-in application solidification protections. This could enable the attacker to execute applications that MACC normally prevents. The attack necessitates the renaming of a specified binary to match the name of a configured updater and entails a specific sequence of manipulations to successfully execute the renamed binary, thereby undermining the integrity of the application control mechanisms.

Affected Version(s)

McAfee Application and Change Control (MACC) < 8.3.4

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2022
Vulnerability Reserved
Apr 27, 2021