CVE-2019-3588

EPSS 0.04%
Veröffentlicht 10.06.2020 12:15:11
Zuletzt bearbeitet 21.11.2024 04:42:13
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

Using VSE to bypass Windows Credentials on Lock screen

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 14 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Virusscan Enterprise Version8.8 Update- SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch1 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch10 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch11 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch12 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch13 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch2 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch3 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch4 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch5 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch6 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch7 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch8 SwPlatformwindows

Mcafee ≫ Virusscan Enterprise Version8.8 Updatepatch9 SwPlatformwindows

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
trellixpsirt@trellix.com	6.3	0.4	5.9	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://kc.mcafee.com/corporate/index?page=content&id=SB10302

https://nvd.nist.gov/vuln/detail/CVE-2019-3588

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3588

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3588

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-3588