Vulnerability CVE-2016-3984


Published: 2016-04-08

Description:
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Mcafee -> Active response 
Mcafee -> Agent 
Mcafee -> Data exchange layer 
Mcafee -> Data loss prevention endpoint 
Mcafee -> Endpoint security 
Mcafee -> Host intrusion prevention 
Mcafee -> Virusscan enterprise 

 References:
https://www.exploit-db.com/exploits/39531/
https://kc.mcafee.com/corporate/index?page=content&id=SB10151
http://www.securitytracker.com/id/1035130
http://seclists.org/fulldisclosure/2016/Mar/13
http://lab.mediaservice.net/advisory/2016-01-mcafee.txt

Copyright 2020, cxsecurity.com

 

Back to Top