CRITICAL · CVE-2021-23885 · CVSS 9

Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI

Platform

other

Component

mcafee-web-gateway-mwg

Fixed in

9.2.8

AI Confidence: high · NVD · EPSS 0.9% · Reviewed: May 2026

CVE-2021-23885 describes a privilege escalation vulnerability affecting McAfee Web Gateway (MWG) versions up to and including 9.2.8. This flaw allows authenticated users to gain elevated privileges on the appliance by exploiting improper neutralization of user input within the troubleshooting page. Successful exploitation could lead to unauthorized access and control of the MWG appliance, potentially impacting network security and data integrity. The vulnerability has been fixed in version 9.2.8.

Impact and Attack Scenarios

The impact of CVE-2021-23885 is significant due to its potential for privilege escalation. An attacker, once authenticated, can leverage this vulnerability to execute arbitrary commands on the McAfee Web Gateway appliance. This could allow them to modify configurations, access sensitive data stored on the appliance, or even pivot to other systems within the network. The ability to execute commands grants a high degree of control, enabling attackers to compromise the entire network if the MWG appliance is strategically positioned. This vulnerability shares similarities with other input validation flaws that have led to remote code execution on network appliances, highlighting the importance of robust security practices.

Exploitation Context

CVE-2021-23885 was publicly disclosed on February 17, 2021. The vulnerability has a CRITICAL CVSS score of 9.0. Currently, there are no publicly known active exploitation campaigns targeting this vulnerability, but the ease of exploitation and the potential impact make it a high-priority concern. It is not listed on the CISA KEV catalog as of the current date.

Who Is at Risk

Organizations heavily reliant on McAfee Web Gateway for web filtering and security are at significant risk. Specifically, deployments with weak password policies or shared user accounts are more vulnerable. Environments where the MWG appliance is directly exposed to the internet without adequate network segmentation also face increased risk.

Detection Steps

• windows / supply-chain: Examine scheduled tasks for suspicious entries related to MWG. Check event logs for unusual process executions or privilege escalations within the MWG appliance.

Get-ScheduledTask | Where-Object {$_.TaskName -like "*MWG*"}

• linux / server: Monitor system logs (journalctl) for authentication attempts followed by unusual command executions on the MWG appliance. Use auditd to track access to the troubleshooting page.

journalctl -u mcs-webgateway -f

• generic web: Examine MWG access logs for unusual requests targeting the troubleshooting page. Look for patterns indicative of input manipulation attempts.

grep "/troubleshooting" /var/log/mcs-webgateway/access.log

Attack Timeline

  1. Disclosure

Threat Analysis

Exploit Status

Proof of Concept: Unknown
CISA KEV: NO
Internet Exposure: High

EPSS

0.93% (76th percentile)

CVSS Vector

Threat Analysis · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H · 9.0 CRITICAL

• Attack Vector: Network (how the attacker reaches the target)
• Attack Complexity: Low (conditions for successful exploitation)
• Privileges Required: Low (required authentication level)
• User Interaction: Required (whether a victim must take an action)
• Scope: Changed (impact beyond the component)
• Confidentiality: High (risk of disclosure of sensitive data)
• Integrity: High (risk of unauthorized data modification)
• Availability: High (risk of service disruption)

nextguardhq.com · CVSS v3.1 base score
What do these metrics mean?
Attack Vector
Network: remotely exploitable over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
Low: any valid user account is sufficient.
User Interaction
Required: the victim must open a file, click a link, or visit a page.
Scope
Changed: the attack can spread beyond the vulnerable component to other systems.
Confidentiality
High: complete loss of confidentiality. The attacker can read all data.
Integrity
High: the attacker can write, modify, or delete arbitrary data.
Availability
High: complete crash or resource exhaustion. Total denial of service.

Affected Software

Component: mcafee-web-gateway-mwg
Vendor: McAfee, LLC
Affected range: unspecified – 9.2.8
Fixed in: 9.2.8

Vulnerability Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2021-23885 is to upgrade McAfee Web Gateway to version 9.2.8 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting access to the troubleshooting page to authorized personnel only. Review and strengthen authentication mechanisms to limit the number of authenticated users with access to the MWG. Monitor the MWG appliance for unusual activity, particularly attempts to access or modify system configurations. While a WAF might offer some protection, it is unlikely to fully mitigate the risk of privilege escalation. After upgrading, verify the fix by attempting to access the troubleshooting page with a standard user account and confirming that no elevated privileges can be obtained.

How to Fix

Upgrade McAfee Web Gateway (MWG) to version 9.2.8 or later. This update fixes the privilege escalation vulnerability in the user interface.

Frequently Asked Questions

What is CVE-2021-23885 — Privilege Escalation in McAfee Web Gateway?

CVE-2021-23885 is a critical vulnerability in McAfee Web Gateway (MWG) versions ≤9.2.8 that allows authenticated users to gain elevated privileges and execute commands on the appliance via the troubleshooting page.

Am I affected by CVE-2021-23885 in McAfee Web Gateway?

You are affected if you are running McAfee Web Gateway versions 9.2.8 or earlier. Verify your version and upgrade as soon as possible.

How do I fix CVE-2021-23885 in McAfee Web Gateway?

Upgrade McAfee Web Gateway to version 9.2.8 or later to address this vulnerability. If immediate upgrade is not possible, implement stricter access controls to the troubleshooting page.

Is CVE-2021-23885 being actively exploited?

While no confirmed active exploitation campaigns have been publicly linked to CVE-2021-23885, its critical severity warrants immediate remediation.

Where can I find the official McAfee advisory for CVE-2021-23885?

Refer to the McAfee Security Advisory for CVE-2021-23885: https://kc.mcafee.com/corporate/details/7296
