Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTrellixCVE-2019-3636
HistoryOct 28, 2019 - 3:15 p.m.

CVE-2019-3636

2019-10-2815:15:21
CWE-312
trellix
web.nvd.nist.gov
27
cve-2019-3636
file masquerade
mcafee total protection
mtp
windows client
vulnerability
registry
av-scan
malware

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0

Percentile

12.6%

JSON

A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.

Affected configurations

Nvd
Node
mcafeetotal_protectionRange16.0.r21
AND
microsoftwindowsMatch-
VendorProductVersionCPE
mcafeetotal_protection*cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "McAfee Total Protection",
    "vendor": "McAfee, LCC",
    "versions": [
      {
        "lessThan": "16.0.R22",
        "status": "affected",
        "version": "16",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
prion 1
symantec 1
nvd
nvd
CVE-2019-3636
2019-10-28 15:15:21
cvelist
cvelist
CVE-2019-3636 File masquerade attack vulnerability in McAfee Total Protection
2019-10-28 14:23:25
prion
prion
Design/Logic Flaw
2019-10-28 15:15:00
symantec
symantec
McAfee Total Protection Windows Client CVE-2019-3636 Local Security Bypass Vulnerability
2019-10-25 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for CVE-2019-3636
nvd1cvelist1prion1symantec1