Lucene search

TrellixCVELIST:CVE-2019-3654

HistoryNov 22, 2019 - 7:56 p.m.

CVE-2019-3654 Client Proxy (MCP) - Authentication Bypass vulnerability

2019-11-2219:56:10

trellix

www.cve.org

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.

CNA Affected

[
  {
    "product": "Client Proxy (MCP)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "3.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10305

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for CVELIST:CVE-2019-3654