CVE-2021-31839

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.

CVSS v3 3.3 LOW
CVSS v2.0 2.1 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10362	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:agent:*:*:*:*:*:windows:*:*

History

15 Nov 2023, 20:49

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10362 -~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10362 - Broken Link

07 Nov 2023, 03:35

Type	Values Removed	Values Added
References	~~(CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10362 - Patch, Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10362 -
CWE	~~CWE-269~~

Information

Published : 2021-06-10 17:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-31839

Mitre link : CVE-2021-31839

CVE.ORG link : CVE-2021-31839

JSON object : View

Products Affected

mcafee

agent

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2021-31839", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.3}]}, "published": "2021-06-10T17:15:08.113", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10362", "tags": ["Broken Link"], "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server."}, {"lang": "es", "value": "Una vulnerabilidad de gesti\u00f3n de privilegios inapropiada en McAfee Agent para Windows anterior a versi\u00f3n 5.7.3 permite a un usuario local modificar la informaci\u00f3n de eventos en la carpeta de eventos de MA. Esto permite a un usuario local a\u00f1adir eventos falsos o eliminar eventos de los registros de eventos antes de que se env\u00eden al servidor de ePO"}], "lastModified": "2023-11-15T20:49:17.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "5366D0B6-49D6-46B6-A3E8-F836880B2276", "versionEndExcluding": "5.7.3", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}