7.8

CVE-2019-3585

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.

Data is provided by the National Vulnerability Database (NVD)
McafeeVirusscan Enterprise Version8.8 Update- SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch1 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch10 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch11 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch12 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch13 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch2 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch3 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch4 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch5 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch6 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch7 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch8 SwPlatformwindows
McafeeVirusscan Enterprise Version8.8 Updatepatch9 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.077
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
trellixpsirt@trellix.com 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.