7 - CVE-2021-23892

Executive Summary

Informations
Name	CVE-2021-23892	First vendor Publication	2021-05-12
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7
Base Score	7	Environmental Score	7
impact SubScore	5.9	Temporal Score	7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23892

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mcafee Endpoint Security For Linux Threat Prevention cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.5.1:::::::* cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.2.3:::::linux:: cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.2.3:::::::* cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.2.2:::::linux:: cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.2.0:::::linux::	5
Os	Mcafee Endpoint Security For Linux Threat Prevention cpe:2.3:o:mcafee:endpoint_security_for_linux_threat_prevention::::::linux::*	1

Sources (Detail)

https://kc.mcafee.com/corporate/index?page=content&id=SB10355

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-10 02:40:22	Multiple Updates
2023-11-10 02:11:56	Multiple Updates
2023-11-09 17:33:34	Multiple Updates
2023-11-07 21:34:57	Multiple Updates
2023-02-11 21:27:30	Multiple Updates
2022-12-20 17:27:33	Multiple Updates
2022-08-31 05:27:31	Multiple Updates
2021-05-20 21:23:13	Multiple Updates
2021-05-18 01:39:19	Multiple Updates
2021-05-18 01:38:54	Multiple Updates
2021-05-17 21:23:07	Multiple Updates
2021-05-12 13:22:46	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	6
Sources(s)	1

7 - CVE-2021-23892

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU