CVE-2019-3585

Published: Jun 10, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.

Affected (14)

Products: Mcafee: Virusscan Enterprise

Mcafee

1 product

Virusscan Enterprise

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Mcafee Virusscan Enterprise	Version 8.8
Mcafee Virusscan Enterprise	Version 8.8 patch10
Mcafee Virusscan Enterprise	Version 8.8 patch11
Mcafee Virusscan Enterprise	Version 8.8 patch12
Mcafee Virusscan Enterprise	Version 8.8 patch13
Mcafee Virusscan Enterprise	Version 8.8 patch1
Mcafee Virusscan Enterprise	Version 8.8 patch2
Mcafee Virusscan Enterprise	Version 8.8 patch3
Mcafee Virusscan Enterprise	Version 8.8 patch4
Mcafee Virusscan Enterprise	Version 8.8 patch5
Mcafee Virusscan Enterprise	Version 8.8 patch6
Mcafee Virusscan Enterprise	Version 8.8 patch7
Mcafee Virusscan Enterprise	Version 8.8 patch8
Mcafee Virusscan Enterprise	Version 8.8 patch9

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10302

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10302

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.