cnvd - cnvd-2022-03918

CNVD-2022-03918

Vulnerability from cnvd - Published: 2022-01-14

Title

McAfee Drive Encryption DLL劫持漏洞

Description

Mcafee McAfee Drive Encryption是美国迈克菲（Mcafee）公司的一个全盘加密软件，可帮助保护 Microsoft Windows 平板电脑、笔记本电脑和台式 PC 上的数据，防止敏感数据丢失，尤其是设备丢失或被盗造成的丢失。 McAfee Drive Encryption (MDE)7.3.0 HF2 (7.3.0.183)之前版本存在DLL劫持漏洞，该漏洞源于存在DLL搜索顺序劫持漏洞，本地攻击者可以利用该漏洞通过从受损文件夹执行任意代码和提升权限。

Severity

中

Patch Name

McAfee Drive Encryption DLL劫持漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id=SB10374

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-31853

Impacted products

Name
['Mcafee Drive Encryption >=7.2.0，<=7.2.10', 'Mcafee Drive Encryption 7.3.0', 'Mcafee Drive Encryption 7.3.0:hotfix1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-31853",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-31853"
    }
  },
  "description": "Mcafee McAfee Drive Encryption\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08Mcafee\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5168\u76d8\u52a0\u5bc6\u8f6f\u4ef6\uff0c\u53ef\u5e2e\u52a9\u4fdd\u62a4 Microsoft Windows \u5e73\u677f\u7535\u8111\u3001\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u5f0f PC \u4e0a\u7684\u6570\u636e\uff0c\u9632\u6b62\u654f\u611f\u6570\u636e\u4e22\u5931\uff0c\u5c24\u5176\u662f\u8bbe\u5907\u4e22\u5931\u6216\u88ab\u76d7\u9020\u6210\u7684\u4e22\u5931\u3002\n\nMcAfee Drive Encryption (MDE)7.3.0 HF2 (7.3.0.183)\u4e4b\u524d\u7248\u672c\u5b58\u5728DLL\u52ab\u6301\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728DLL\u641c\u7d22\u987a\u5e8f\u52ab\u6301\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u4ece\u53d7\u635f\u6587\u4ef6\u5939\u6267\u884c\u4efb\u610f\u4ee3\u7801\u548c\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10374",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-03918",
  "openTime": "2022-01-14",
  "patchDescription": "Mcafee McAfee Drive Encryption\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08Mcafee\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5168\u76d8\u52a0\u5bc6\u8f6f\u4ef6\uff0c\u53ef\u5e2e\u52a9\u4fdd\u62a4 Microsoft Windows \u5e73\u677f\u7535\u8111\u3001\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u5f0f PC \u4e0a\u7684\u6570\u636e\uff0c\u9632\u6b62\u654f\u611f\u6570\u636e\u4e22\u5931\uff0c\u5c24\u5176\u662f\u8bbe\u5907\u4e22\u5931\u6216\u88ab\u76d7\u9020\u6210\u7684\u4e22\u5931\u3002\r\n\r\nMcAfee Drive Encryption (MDE)7.3.0 HF2 (7.3.0.183)\u4e4b\u524d\u7248\u672c\u5b58\u5728DLL\u52ab\u6301\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728DLL\u641c\u7d22\u987a\u5e8f\u52ab\u6301\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u4ece\u53d7\u635f\u6587\u4ef6\u5939\u6267\u884c\u4efb\u610f\u4ee3\u7801\u548c\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Drive Encryption DLL\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mcafee Drive Encryption \u003e=7.2.0\uff0c\u003c=7.2.10",
      "Mcafee Drive Encryption 7.3.0",
      "Mcafee Drive Encryption 7.3.0:hotfix1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-31853",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-13",
  "title": "McAfee Drive Encryption DLL\u52ab\u6301\u6f0f\u6d1e"
}

CVE-2021-31853 (GCVE-0-2021-31853)

Vulnerability from cvelistv5 – Published: 2021-11-10 09:00 – Updated: 2024-08-03 23:10

Title

MDE DLL Search Order Hijacking vulnerability

Summary

DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-427 - Uncontrolled search path element

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee,LLC	McAfee Drive Encryption (MDE)	Affected: unspecified , < 7.3.0 HF2 (custom)

Credits

FatRodzianko

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10374"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "McAfee Drive Encryption (MDE)",
          "vendor": "McAfee,LLC",
          "versions": [
            {
              "lessThan": "7.3.0 HF2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "FatRodzianko"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427: Uncontrolled search path element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-10T09:00:13",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10374"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MDE DLL Search Order Hijacking vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2021-31853",
          "STATE": "PUBLIC",
          "TITLE": "MDE DLL Search Order Hijacking vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Drive Encryption (MDE)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.3.0 HF2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee,LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "FatRodzianko"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427: Uncontrolled search path element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10374",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10374"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2021-31853",
    "datePublished": "2021-11-10T09:00:13",
    "dateReserved": "2021-04-27T00:00:00",
    "dateUpdated": "2024-08-03T23:10:30.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-03918

CVE-2021-31853 (GCVE-0-2021-31853)

Tags

Sightings

Nomenclature