VYPR
Unrated severityNVD Advisory· Published Jun 29, 2021· Updated Aug 3, 2024

Command injection through environment variable in MVISION EDR

CVE-2021-31838

Description

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.

Affected products

2
  • McAfee/MVISION EDRllm-create2 versions
    <3.4.0+ 1 more
    • (no CPE)range: <3.4.0
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.