CVE-2021-31847
HIGHMcAfee Agent < 5.7.4 - DLL Preloading Privilege Escalation via Unprotected Repair Directory
Title source: llmDescription
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.
References (2)
Core 2
Core References
Broken Link x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10369
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1104/
Scores
CVSS v3
8.2
EPSS
0.0003
EPSS Percentile
10.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-269
CWE-427
CWE-347
Status
published
Products (1)
mcafee/agent
< 5.7.4
Published
Sep 22, 2021
Tracked Since
Feb 18, 2026