virus logo FortiClient Vulnerability

Null Pointer Dereference, Improper Access Control, and Cross Site Scripting Vulnerabilities for McAfee Endpoint Security with ID SB10345

description-logoDescription

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update. The improper access control vulnerability prevents the installation of some ENS files and also allows authenicated local administrator user to perform an uninstallation of the anti-malware engine. The cross site scripting vulnerability allows an ENS ePO administrator to add a script to a policy event.

affected-products-logoAffected Applications

McAfee Endpoint Security

CVE References

CVE-2021-23883 CVE-2021-23882 CVE-2021-23881 CVE-2021-23880

Other References

https://support.mcafee.com/webcenter/portal/supportportal/pages_knowledgecenter
ID 2326
Created Nov 27, 2021
Description
Updated		 Nov 27, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
Vendor McAfee
Patch manual
Application McAfee Endpoint Security