CVE-2021-23892
Plain English Summary
This vulnerability allows a local user to gain administrator privileges on a system running McAfee's Endpoint Security for Linux, enabling them to execute any code they want. It occurs during the installation process due to a timing issue that lets the attacker exploit temporary files that are not securely managed.
Technical Description
By exploiting a time-of-check to time-of-use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
CVSS Vector Analysis
Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Quick Information
Published
May 12, 2021
Last Modified
Feb 24, 2026
Vendor
mcafee
Product
endpoint security for linux threat prevention
Related Vulnerabilities
This vulnerability allows an attacker to run their own commands on a Windows system by tricking McAfee Agent into executing a malicious file. To exploit it, the attacker needs local access to the machine and must place a specially crafted file in the right folder, which can then lead to gaining higher privileges on the system.
This vulnerability allows a local user to access sensitive files in McAfee Endpoint Security that they shouldn't normally be able to reach by tricking the software into redirecting its file operations. To exploit this, the attacker needs to manipulate junction links on the system, which requires some level of access to the local machine.
This vulnerability allows an authenticated administrator of MVISION EDR to execute any command on the system using PowerShell, which could lead to unauthorized access or control over the system. The attacker must already have administrator access to exploit this flaw, making it critical for organizations to secure their admin accounts.