CVE-2021-23880

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

Published: Feb 10, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-23880
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
mcafee / endpoint_security	-	10.7.0

https://kc.mcafee.com/corporate/index?page=content&id=SB10345

Vulnerability Database

289,689

CVE-2021-23880