CVE-2021-31843

EUVD-2021-18718
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
trellixCNA
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
mcafeeendpoint_security
𝑥
< 10.7.0
mcafeeendpoint_security
10.7.0
mcafeeendpoint_security
10.7.0:april_2020
mcafeeendpoint_security
10.7.0:april_2021
mcafeeendpoint_security
10.7.0:february_2020
mcafeeendpoint_security
10.7.0:february_2021
mcafeeendpoint_security
10.7.0:july_2020
mcafeeendpoint_security
10.7.0:june_2021
mcafeeendpoint_security
10.7.0:november_2020
mcafeeendpoint_security
10.7.0:september_2020
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10367
https://kc.mcafee.com/corporate/index?page=content&id=SB10367