CVE-2019-3653

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
trellixCNA
4.6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
mcafeeendpoint_security
10.5.0 ≤
𝑥
≤ 10.5.5
mcafeeendpoint_security
10.6.0 ≤
𝑥
< 10.6.1
mcafeeendpoint_security
10.16.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10299
https://kc.mcafee.com/corporate/index?page=content&id=SB10299