Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.MCAFEE_DLPE_SB10290.NASL
HistoryAug 05, 2019 - 12:00 a.m.

McAfee DLPe Agent < 11.1.200 / 11.2.x Multiple Vulnerabilities (SB10289) (SB10290)

2019-08-0500:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

53.0%

JSON

The version of the McAfee Data Loss Prevention Endpoint (DLPe) Agent installed on the remote Windows host is prior to 11.1.200 or 11.2.x. It is, therefore, affected by multiple vulnerabilities:

  • Stored XSS in the ePO extension UI. (CVE-2019-3591)

  • Authenticated command injection in the ePO extension. (CVE-2019-3595)

  • Physical access authentication bypass. (CVE-2019-3621)

  • Arbitrary log file redirect. (CVE-2019-3622)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(127117);
  script_version("1.3");
  script_cvs_date("Date: 2019/10/18 23:14:15");

  script_cve_id(
    "CVE-2019-3591",
    "CVE-2019-3595",
    "CVE-2019-3621",
    "CVE-2019-3622"
  );
  script_bugtraq_id(109370, 109377);
  script_xref(name:"MCAFEE-SB", value:"SB10289");
  script_xref(name:"MCAFEE-SB", value:"SB10290");

  script_name(english:"McAfee DLPe Agent < 11.1.200 / 11.2.x Multiple Vulnerabilities (SB10289) (SB10290)");
  script_summary(english:"Checks the version of McAfee DLPe.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a master bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of the McAfee Data Loss Prevention Endpoint (DLPe) Agent installed on the remote Windows host is prior to
11.1.200 or 11.2.x. It is, therefore, affected by multiple vulnerabilities:

  - Stored XSS in the ePO extension UI. (CVE-2019-3591)

  - Authenticated command injection in the ePO extension. (CVE-2019-3595)

  - Physical access authentication bypass. (CVE-2019-3621)

  - Arbitrary log file redirect. (CVE-2019-3622)");
  script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10289");
  script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10290");
  script_set_attribute(attribute:"solution", value:
"Upgrade to McAfee DLPe 11.1.200 or 11.3.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3622");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:data_loss_prevention_endpoint");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mcafee_dlpe_agent_installed.nbin");
  script_require_keys("installed_sw/McAfee DLPe Agent", "SMB/Registry/Enumerated");

  exit(0);
}

include("vcf.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");

app_info = vcf::get_app_info(app:"McAfee DLPe Agent", win_local:TRUE);

constraints = [
  { "fixed_version":"11.1.200" },
  { "min_version":"11.2", "fixed_version":"11.3.0" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
mcafeedata_loss_prevention_endpointcpe:/a:mcafee:data_loss_prevention_endpoint

Related

cvelist 4
prion 4
cve 4
nvd 4
cvelist
cvelist
CVE-2019-3622 DLP Endpoint log file redirection to arbitrary locations
2019-07-24 16:13:17
CVE-2019-3595 DLP Endpoint ePO extension not sanitizing CSV exports
2019-07-24 14:28:59
CVE-2019-3591 DLP Endpoint ePO extension vulnerable to XSS
2019-07-24 14:30:11
prion
prion
Command injection
2019-07-24 15:15:00
Cross site scripting
2019-07-24 15:15:00
Design/Logic Flaw
2019-07-24 16:15:00
cve
cve
CVE-2019-3622
2019-07-24 16:15:12
CVE-2019-3591
2019-07-24 15:15:12
CVE-2019-3595
2019-07-24 15:15:12
nvd
nvd
CVE-2019-3622
2019-07-24 16:15:12
CVE-2019-3595
2019-07-24 15:15:12
CVE-2019-3591
2019-07-24 15:15:12

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

53.0%

JSON
Related for MCAFEE_DLPE_SB10290.NASL
cvelist4prion4cve4nvd4