CVE-2021-23892

By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.

CVSS v3 7.0 HIGH
CVSS v2.0 6.9 MEDIUM

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10355

Configurations

Configuration 1 (hide)

cpe:2.3:o:mcafee:endpoint_security_for_linux_threat_prevention:*:*:*:*:*:linux:*:*

History

20 Dec 2022, 09:15

Type	Values Removed	Values Added
CWE	~~CWE-367~~	CWE-59

30 Aug 2022, 22:44

Type	Values Removed	Values Added
CWE	~~CWE-362~~	CWE-367

20 May 2021, 14:05

Type	Values Removed	Values Added
References	~~(CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10355 -~~	(CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10355 - Vendor Advisory
CPE		cpe:2.3:o:mcafee:endpoint_security_for_linux_threat_prevention::::::linux::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.9 v3 : 7.0

Information

Published : 2021-05-12 09:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-23892

Mitre link : CVE-2021-23892

CVE.ORG link : CVE-2021-23892

JSON object : View

Products Affected

mcafee

endpoint_security_for_linux_threat_prevention

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2021-23892", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2021-05-12T09:15:07.470", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10355", "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.\n\n"}, {"lang": "es", "value": "Al explotar una condici\u00f3n de carrera de tiempo de verificaci\u00f3n a tiempo de uso (TOCTOU) durante el proceso de instalaci\u00f3n de Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW), un usuario local puede llevar a cabo un ataque de escalada de privilegios para alcanzar privilegios de administrador para el prop\u00f3sito de ejecutar c\u00f3digo arbitrario a trav\u00e9s del uso no seguro de ubicaciones predecibles de archivos temporales"}], "lastModified": "2023-11-07T03:30:59.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mcafee:endpoint_security_for_linux_threat_prevention:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "98894A60-D42C-43FE-A471-8BBB4EFEBF0B", "versionEndExcluding": "10.7.5", "versionStartIncluding": "10.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}