McAfee Endpoint Security CVE-2019-3653 Unauthorized Access Vulnerability

Description

McAfee Endpoint Security is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. McAfee Endpoint Security (ENS) versions prior to 10.6.1 October 2019 Update are vulnerable.

Technologies Affected

• McAfee Endpoint Security 10.6.0
• McAfee Endpoint Security 10.6.1
• McAfee Endpoint Security 10.6.1 May 2019 Update

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local interactive access to an affected computer. Grant local access for trusted and accountable users only.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of a successful exploit, run server software with the least privileges required and in restricted environments while still maintaining functionality.

Updates are available. Please see the references or vendor advisory for more information.