1. CVE-Search
  2. CVE-2019-3653
ID CVE-2019-3653
Summary Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
References
Vulnerable Configurations
  • cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:macos:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:macos:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.0:*:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.1:-:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.1:-:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.1:hotfix1:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.1:hotfix1:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.1:hotfix2:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.1:hotfix2:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.2:-:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.2:-:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.2:hotfix1:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.2:hotfix1:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.2:hotfix2:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.2:hotfix2:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.4:*:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:macos:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:macos:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.5.5:*:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:macos:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:macos:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.6.0:*:*:*:*:windows:*:*
  • cpe:2.3:a:mcafee:endpoint_security:10.16.1:-:*:*:*:*:*:*
    cpe:2.3:a:mcafee:endpoint_security:10.16.1:-:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 16-10-2020 - 14:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
confirm https://kc.mcafee.com/corporate/index?page=content&id=SB10299
Last major update 16-10-2020 - 14:17
Published 09-10-2019 - 16:15
Last modified 16-10-2020 - 14:17
Back to Top