CVE-2016-3984

Description

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.

Related CPE's

amcafeedata_loss_prevention_endpoint*p1_hf2******

amcafeeagent********

amcafeevirusscan_enterprise*p6******

amcafeehost_intrusion_prevention*p6******

amcafeedata_loss_prevention_endpoint*p5******

amcafeeactive_response********

amcafeedata_exchange_layer********

amcafeeendpoint_security********

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10151

Vendor Advisory

1035130

http://lab.mediaservice.net/advisory/2016-01-mcafee.txt

Exploit

39531

Exploit

20160304 McAfee VirusScan Enterprise security restrictions bypass

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

LOW

PrivilegesRequired

HIGH

BaseScore

5.1

VectorString

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:N/I:P/A:P

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

3.5999999046325684

Created by Yello
About Severity.io