CVE-2021-23892
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee,LLC | McAfee Endpoint Security (ENS) for Linux | unspecified < 10.7.5 | affected |
Weaknesses
- CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.