PT-2021-19545 · Mcafee · Mcafee Endpoint Security
Published
2021-09-17
·
Updated
2026-02-24
·
CVE-2021-31843
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
McAfee Endpoint Security (ENS) Windows versions prior to 10.7.0 September 2021 Update
Description
The issue allows local users to access files they would otherwise not have access to by manipulating junction links to redirect McAfee folder operations to an unintended location. This is due to an improper privileges management vulnerability.
Recommendations
For versions prior to 10.7.0 September 2021 Update, update to the September 2021 Update or later to resolve the issue. As a temporary workaround, consider restricting access to the McAfee folder operations to minimize the risk of exploitation.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcafee Endpoint Security