Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.
References
Configurations
History
07 Nov 2023, 03:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10351 - |
26 Apr 2022, 16:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-428 |
19 Mar 2021, 20:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 6.7 |
CPE | cpe:2.3:a:mcafee:endpoint_product_removal_tool:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10351 - Vendor Advisory |
15 Mar 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-15 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-23879
Mitre link : CVE-2021-23879
CVE.ORG link : CVE-2021-23879
JSON object : View
Products Affected
mcafee
- endpoint_product_removal_tool
CWE
CWE-428
Unquoted Search Path or Element