CVE-2019-3610 (GCVE-0-2019-3610)
Vulnerability from cvelistv5
Published
2019-02-13 17:00
Modified
2024-09-16 18:24
Severity ?
5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
  • Data Leakage Attacks vulnerability
Summary
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
References
trellixpsirt@trellix.comhttp://www.securityfocus.com/bid/107217
trellixpsirt@trellix.comhttps://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107217
af854a3a-2127-422b-91ae-364da2661108https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889
Impacted products
Vendor Product Version
McAfee, LLC True Key (TK) Version: 3.1   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107217",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107217"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Chrome, Edge and Firefox"
          ],
          "product": "True Key (TK)",
          "vendor": "McAfee, LLC",
          "versions": [
            {
              "lessThanOrEqual": "3.1.9211.0",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Data Leakage Attacks vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-05T10:57:02",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "name": "107217",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107217"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
          "ID": "CVE-2019-3610",
          "STATE": "PUBLIC",
          "TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "True Key (TK)",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "platform": "Chrome, Edge and Firefox",
                            "version_affected": "\u003c=",
                            "version_name": "3.1",
                            "version_value": "3.1.9211.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee, LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Data Leakage Attacks vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107217",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107217"
            },
            {
              "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
              "refsource": "CONFIRM",
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2019-3610",
    "datePublished": "2019-02-13T17:00:00Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:24:29.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3610\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2019-02-13T17:29:00.193\",\"lastModified\":\"2024-11-21T04:42:14.677\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de filtrado de datos en el cliente de Microsoft Windows en McAfee True Key (TK), en versiones 3.1.9211.0 y anteriores, permite que los usuarios locales expongan datos confidenciales mediante malware especialmente manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.1.9211.0\",\"matchCriteriaId\":\"AF77FE81-F4CE-42A2-A762-C5EACB8E441F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107217\",\"source\":\"trellixpsirt@trellix.com\"},{\"url\":\"https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889\",\"source\":\"trellixpsirt@trellix.com\"},{\"url\":\"http://www.securityfocus.com/bid/107217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.