CVE-2021-31843

HIGH

McAfee Endpoint Security < 10.7.0 - Improper Privilege Management via Junction Link Manipulation

Title source: llm

Description

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10367

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 10.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-59

Status published

Products (2)

mcafee/endpoint_security 10.7.0 (9 CPE variants)

mcafee/endpoint_security < 10.7.0

Published Sep 17, 2021

Tracked Since Feb 18, 2026