CVE-2021-31838

high

Trellix

CVSS v3 Base Score

8.4

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

2.9%

Exploitation probability in 30 days

Top 14% most likely to be exploited

Attack Characteristics

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: June 29, 2021 (1779 days ago)

Last Modified: February 24, 2026

Vendor: Trellix

Description

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.

CWE

CWE-78

Affected Products

mcafee mvision edr

References

🔗 kc.mcafee.com 🔗 kc.mcafee.com

CVE-2021-31838

Vulnerability Report

Description

CWE

Affected Products

References