Lucene search
Symantec Security ResponseSMNTC-110959HistoryNov 20, 2019 - 12:00 a.m.
McAfee Client Proxy CVE-2019-3654 Local Authentication Bypass Vulnerability
2019-11-2000:00:00
Symantec Security Response
www.symantec.com
19
0.001 Low
EPSS
Percentile
25.0%
Description
McAfee Client Proxy is prone to a local authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. McAfee Client Proxy (MCP) versions prior to 3.0.0 are vulnerable.
Technologies Affected
- McAfee Client Proxy 2.3.0
- McAfee Client Proxy 2.4.0
- McAfee Client Proxy 2.5.0
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.
Updates are available. Please see the references or vendor advisory for more information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mcafee client proxy | eq | 2.3.0 | |
| mcafee client proxy | eq | 2.4.0 | |
| mcafee client proxy | eq | 2.5.0 |
References
Related
cvelist
cvelist
CVE-2019-3654 Client Proxy (MCP) - Authentication Bypass vulnerability
2019-11-22 19:56:10
prion
prion
Authentication flaw
2019-11-22 20:15:00
cve
cve
CVE-2019-3654
2019-11-22 20:15:11
nvd
nvd
CVE-2019-3654
2019-11-22 20:15:11