CVE-2021-31838 is a vulnerability in McAfee Mvision Edr
Published on June 29, 2021
Command injection through environment variable in MVISION EDR
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
Vulnerability Analysis
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2021-31838 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2021-31838
Want to know whenever a new CVE is published for McAfee Mvision Edr? stack.watch will email you.
Affected Versions
McAfee,LLC MVISION EDR:- Version unspecified and below 3.4.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.