CyberSec.Space Logo
Back to CVE Browser

CVE-2021-23885

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile2.61th
PublishedFeb 17, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.

Affected Platforms (CPE)

📦
Mcafee

Web Gateway

< 8.2.17
📦
Mcafee

Web Gateway

>= 9.2 and < 9.2.8
📦
Mcafee

Web Gateway

>= 10.0 and < 10.0.4

References & Advisories

🔗 https://kc.mcafee.com/corporate/index?page=content&id=SB10349
🔗 https://kc.mcafee.com/corporate/index?page=content&id=SB10349

Related Vulnerabilities

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2020-202110.0

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option i...

CVE-2018-666710.0

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remo...

CVE-2010-473310.0

WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom N...