CVE-2021-31833

HIGH

McAfee Application and Change Control < 8.3.4 - Privilege Escalation via Binary Renaming

Title source: llm

Description

Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.

References (1)

Core 1

Core References

Broken Link x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10370

Scores

CVSS v3 7.1

EPSS 0.0005

EPSS Percentile 14.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-269

Status published

Products (1)

mcafee/application_and_change_control < 8.3.4

Published Jan 04, 2022

Tracked Since Feb 18, 2026