Lucene search

TrellixCVELIST:CVE-2019-3653

HistoryOct 09, 2019 - 2:21 p.m.

CVE-2019-3653 ESConfig Tool access not controlled

2019-10-0914:21:45

CWE-284

trellix

www.cve.org

4.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.

CNA Affected

[
  {
    "product": "McAfee Endpoint Security (ENS)",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "10.6.1",
        "status": "affected",
        "version": "10.6.x",
        "versionType": "custom"
      },
      {
        "lessThan": "10.5.5",
        "status": "affected",
        "version": "10.5.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10299

4.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2019-3653