How serious is CVE-2021-31838?

This vulnerability has a CVSS score of 9.1 out of 10, classified as CRITICAL severity. No public exploit code has been identified yet.

Which products are affected by CVE-2021-31838?

CVE-2021-31838 affects mcafee mvision edr. Check the full CVE details for specific version information.

How do I fix CVE-2021-31838?

To remediate CVE-2021-31838, check for security patches from mcafee. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2021-31838

Critical

|9.1

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an authenticated administrator of MVISION EDR to execute any command on the system using PowerShell, which could lead to unauthorized access or control over the system. The attacker must already have administrator access to exploit this flaw, making it critical for organizations to secure their admin accounts.

Technical Description

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$6,000($5K-$15K)

Vendor Response

Grade FPatched in 1701 days

Quick Information

Published

Jun 29, 2021

almost 5 years ago

Last Modified

Feb 24, 2026

about 1 month ago

Vendor

mcafee

Product

mvision edr

Related Vulnerabilities

CVE-2021-31854High

This vulnerability allows an attacker to run their own commands on a Windows system by tricking McAfee Agent into executing a malicious file. To exploit it, the attacker needs local access to the machine and must place a specially crafted file in the right folder, which can then lead to gaining higher privileges on the system.

CVE-2021-31843High

This vulnerability allows a local user to access sensitive files in McAfee Endpoint Security that they shouldn't normally be able to reach by tricking the software into redirecting its file operations. To exploit this, the attacker needs to manipulate junction links on the system, which requires some level of access to the local machine.

CVE-2021-23892High

This vulnerability allows a local user to gain administrator privileges on a system running McAfee's Endpoint Security for Linux, enabling them to execute any code they want. It occurs during the installation process due to a timing issue that lets the attacker exploit temporary files that are not securely managed.