A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.
[
{
"product": "Live Safe",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "16.0.3"
}
]
}
]