CVE-2019-3654

Published: Nov 22, 2019Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: NVD

Description

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.

Affected (1)

Products: Mcafee: Client Proxy

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mcafee Client Proxy	Before 3.0.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10305

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10305

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.