Platform: other
Component: mcafee-web-gateway-mwg
Fixed in: 9.2.8
CVE-2021-23885 describes a privilege escalation vulnerability affecting McAfee Web Gateway (MWG) versions up to and including 9.2.8. This flaw allows authenticated users to gain elevated privileges on the appliance, potentially leading to complete system compromise. Successful exploitation involves manipulating user input within the troubleshooting page. The vulnerability has been addressed with a patch released in version 9.2.8.
The impact of CVE-2021-23885 is severe. An attacker who can successfully exploit this vulnerability can gain administrative access to the McAfee Web Gateway appliance. This allows them to modify configurations, install malicious software, steal sensitive data, and potentially pivot to other systems on the network. The ability to execute commands directly on the appliance significantly expands the attack surface and increases the potential for data breaches and system disruption. This vulnerability is particularly concerning given the role of MWG in filtering web traffic and protecting organizations from external threats; a compromised MWG could be used to bypass security controls and deliver malware.
CVE-2021-23885 was publicly disclosed on February 17, 2021. While no active exploitation campaigns have been definitively linked to this CVE, the CRITICAL severity and potential for privilege escalation warrant immediate attention. The vulnerability's reliance on authenticated access suggests that internal threats or compromised user accounts pose the greatest risk. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.93% (76% percentile)
The primary mitigation for CVE-2021-23885 is to upgrade McAfee Web Gateway to version 9.2.8 or later. If immediate upgrading is not possible due to compatibility concerns or testing requirements, consider implementing stricter access controls to the troubleshooting page, limiting access to only authorized personnel. Review and audit user permissions within MWG to ensure least privilege principles are followed. Monitor MWG logs for suspicious activity, particularly attempts to access or manipulate the troubleshooting page. While a direct WAF rule is difficult to implement, consider implementing general input validation rules to prevent injection attacks.
Update McAfee Web Gateway (MWG) to version 9.2.8 or later. This update addresses the privilege escalation vulnerability in the user interface.
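One way to carry out the log monitoring and permission review recommended above, as an added example that is not McAfee's code or part of the original advisory. The key=value log layout, the field names, the role names and the "troubleshooting" path marker are all assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Assumption: the UI audit/access log has been exported as key=value lines.
# Field names and the "troubleshooting" path marker are hypothetical; map
# them to whatever your MWG log export actually contains.
PAGE_MARKER = "troubleshooting"
# Characters a shell treats as command separators or substitutions.
SHELL_META = re.compile(r"[;|&`\n\r]|\$\(|\$\{")
LINE = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Constructed sample lines, not real appliance output.
SAMPLE_LOG = '''\
ts=2021-02-20T09:14:02Z user=alice role=admin path=/ui/troubleshooting query="tool=ping&host=10.0.0.5"
ts=2021-02-20T09:15:40Z user=bob role=readonly path=/ui/dashboard query=""
ts=2021-02-20T09:16:11Z user=bob role=readonly path=/ui/troubleshooting query="tool=ping&host=10.0.0.5%3Bid"
ts=2021-02-20T09:17:30Z user=carol role=readonly path=/ui/Troubleshooting query="tool=dns&name=example.com"
'''

def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in LINE.findall(line)}

def review(log_text, privileged_roles=("admin",)):
    """Return (timestamp, user, reasons) for suspicious troubleshooting-page hits."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if PAGE_MARKER not in unquote_plus(rec.get("path", "")).lower():
            continue
        reasons = []
        if rec.get("role") not in privileged_roles:
            reasons.append("non-privileged role on troubleshooting page")
        # Decode each parameter value so %3B-style encoding is caught.
        for name, value in parse_qsl(rec.get("query", ""), keep_blank_values=True):
            if SHELL_META.search(value):
                reasons.append(f"shell metacharacter in parameter {name!r}")
        if reasons:
            findings.append((rec.get("ts"), rec.get("user"), reasons))
    return findings

if __name__ == "__main__":
    for ts, user, reasons in review(SAMPLE_LOG):
        print(ts, user, "; ".join(reasons))
```

On the constructed sample this reports bob (unprivileged access plus an encoded metacharacter) and carol (unprivileged access only), while alice's ordinary admin request is not flagged.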
CVE-2021-23885 is a critical vulnerability in McAfee Web Gateway (MWG) versions ≤9.2.8 that allows authenticated users to gain elevated privileges and execute commands on the appliance via the troubleshooting page.
You are affected if you are running McAfee Web Gateway versions 9.2.8 or earlier. Verify your version and upgrade as soon as possible.
Upgrade McAfee Web Gateway to version 9.2.8 or later to address this vulnerability. If immediate upgrade is not possible, implement stricter access controls to the troubleshooting page.
While no confirmed active exploitation campaigns have been publicly linked to CVE-2021-23885, its critical severity warrants immediate remediation.
Refer to the McAfee Security Advisory for CVE-2021-23885: https://kc.mcafee.com/corporate/details/7296