CVE-2019-3585

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
trellixCNA
7 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
mcafeevirusscan_enterprise
8.8
mcafeevirusscan_enterprise
8.8:patch1
mcafeevirusscan_enterprise
8.8:patch10
mcafeevirusscan_enterprise
8.8:patch11
mcafeevirusscan_enterprise
8.8:patch12
mcafeevirusscan_enterprise
8.8:patch13
mcafeevirusscan_enterprise
8.8:patch2
mcafeevirusscan_enterprise
8.8:patch3
mcafeevirusscan_enterprise
8.8:patch4
mcafeevirusscan_enterprise
8.8:patch5
mcafeevirusscan_enterprise
8.8:patch6
mcafeevirusscan_enterprise
8.8:patch7
mcafeevirusscan_enterprise
8.8:patch8
mcafeevirusscan_enterprise
8.8:patch9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10302
https://kc.mcafee.com/corporate/index?page=content&id=SB10302