CVE-2019-3586

EPSS 0.27%
Published 15.05.2019 16:29:00
Last modified 21.11.2024 04:42:13
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Endpoint Security Version >= 10.0.0 <= 10.6.1

Mcafee ≫ Endpoint Security Version10.6.1 Update201905

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.476

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.3	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P
trellixpsirt@trellix.com	7.5	1.6	5.3	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

http://www.securityfocus.com/bid/108416

https://kc.mcafee.com/corporate/index?page=content&id=SB10280

https://nvd.nist.gov/vuln/detail/CVE-2019-3586

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3586

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3586

EUVD