MDE DLL Search Order Hijacking vulnerability
CVE-2021-31853
7.8HIGH
Key Information:
- Vendor
- Mcafee,llc
- Status
- Mcafee Drive Encryption (mde)
- Vendor
- CVE Published:
- 10 November 2021
Summary
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
Affected Version(s)
McAfee Drive Encryption (MDE) < 7.3.0 HF2
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
FatRodzianko