Details

CVE-2021-23879

A critical privilege abuse vulnerability in Endpoint Product Removal Tool by McAfee.



Scroll down

Analysis

Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.

CVSS2


This privilege abuse vulnerability has been classified with a high base score of 7.2, a high impact score of 10 and a low exploitability score of 3.9.

Economic Impact


The economic impact provides a custom overview of the affected areas by this vulnerability. If there is a higher amount of predicted attacks, there is a higher probability to be affected by this vulnerability in this particular region.



CAPEC

Common Attack Pattern Enumeration and Classification (CAPEC) is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to deepen community understanding and enhance protection. The vulnerability has been classificated in 8 categories.

Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources

Restful Privilege Elevation

Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic

CPE

CPE is a structured naming scheme for information technology systems, software, and packages. Based on a common Uniform Resource Identifier (URI) syntax, CPE includes a formal naming format, a method for validating system names, and a description format for attaching text and tests to the name.

All CPE details
+