CVE Vulnerability

CVE-2021-31833

Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10370 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:mcafee:application_and_change_control:*:*:*:*:*:*:*:*
Information

Published : 2022-01-04 10:15

Updated : 2022-01-12 09:27

NVD link : CVE-2021-31833

Mitre link : CVE-2021-31833

Products Affected

Application And Change Control

Mcafee

CWE
CWE-269