Vulnerability CVE-2019-3648


Published: 2019-11-13   Modified: 2019-11-15

Description:
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.

Type:

CWE-269

(Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Mcafee -> Anti-virus plus 
Mcafee -> Internet security 
Mcafee -> Total protection 

 References:
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984

Copyright 2021, cxsecurity.com

 

Back to Top