CVE-2019-3648

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
trellixCNA
6.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
mcafeeanti-virus_plus
𝑥
≤ 16.0.r22
mcafeeinternet_security
𝑥
≤ 16.0.r22
mcafeetotal_protection
𝑥
≤ 16.0r22
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984