CVE-2021-31854

Name of the Vulnerable Software and Affected Versions McAfee Agent for Windows versions prior to 5.7.5

Description A command injection issue allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit this issue to obtain a reverse shell, which can lead to privilege escalation to obtain root privileges.

Recommendations For versions prior to 5.7.5, update to version 5.7.5 or later to resolve the issue. As a temporary workaround, consider disabling the execution of the cleanup.exe file until a patch is available. Restrict access to the McAfee Agent deployment feature in the System Tree to minimize the risk of exploitation. Avoid using the McAfee Agent deployment feature until the issue is resolved.