CVE-2021-31838
HIGHMcAfee MVISION EDR < 3.4.0 - Authenticated OS Command Injection via Execute Reaction
Title source: llmDescription
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10342
Scores
CVSS v3
8.4
EPSS
0.0289
EPSS Percentile
86.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
mcafee/mvision_edr
< 3.4.0
Published
Jun 29, 2021
Tracked Since
Feb 18, 2026