Lucene search

[email protected]CVE-2016-3984

HistoryApr 08, 2016 - 3:59 p.m.

CVE-2016-3984

2016-04-0815:59:10

CWE-284

[email protected]

web.nvd.nist.gov

mcafee

virusscan

console

mar

agent

dxl

dlpe

endpoint security

ips

vse

windows

security

vulnerability

nvd

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

5 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

37.8%

JSON

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.

Affected configurations

NVD

Node

mcafeeactive_responseRange≤1.1.0.158

mcafeeagentRange≤5.0.2.285

mcafeedata_exchange_layerRange≤2.0.0.430.1

mcafeedata_loss_prevention_endpointRange≤9.3.0p5

mcafeedata_loss_prevention_endpointRange≤9.4.0p1_hf2

mcafeeendpoint_securityRange≤10.0.1

mcafeehost_intrusion_preventionRange≤8.0.0p6

mcafeevirusscan_enterpriseRange≤8.8.0p6

CPENameOperatorVersion
mcafee:active_responsemcafee active responsele1.1.0.158
mcafee:agentmcafee agentle5.0.2.285
mcafee:data_exchange_layermcafee data exchange layerle2.0.0.430.1
mcafee:data_loss_prevention_endpointmcafee data loss prevention endpointle9.3.0
mcafee:data_loss_prevention_endpointmcafee data loss prevention endpointle9.4.0
mcafee:endpoint_securitymcafee endpoint securityle10.0.1
mcafee:host_intrusion_preventionmcafee host intrusion preventionle8.0.0
mcafee:virusscan_enterprisemcafee virusscan enterprisele8.8.0

CPE	Name	Operator	Version
mcafee:active_response	mcafee active response	le	1.1.0.158
mcafee:agent	mcafee agent	le	5.0.2.285
mcafee:data_exchange_layer	mcafee data exchange layer	le	2.0.0.430.1
mcafee:data_loss_prevention_endpoint	mcafee data loss prevention endpoint	le	9.3.0
mcafee:data_loss_prevention_endpoint	mcafee data loss prevention endpoint	le	9.4.0
mcafee:endpoint_security	mcafee endpoint security	le	10.0.1
mcafee:host_intrusion_prevention	mcafee host intrusion prevention	le	8.0.0
mcafee:virusscan_enterprise	mcafee virusscan enterprise	le	8.8.0

References

lab.mediaservice.net/advisory/2016-01-mcafee.txt

seclists.org/fulldisclosure/2016/Mar/13

www.securitytracker.com/id/1035130

kc.mcafee.com/corporate/index?page=content&id=SB10151

www.exploit-db.com/exploits/39531/

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

5 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

37.8%

JSON

Related for CVE-2016-3984

nvd1 prion1 openvas2 cvelist1 nessus1 zdt1