CVE-2015-8991

Published Mar 14, 2017

Last updated 8 years ago

CVSS high 7.0

Overview

Description: Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
Source: secure@intel.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:security_webadvisor:3.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BB888A8-EE45-4DF3-BD5B-1FB4B18DDC49"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:security_webadvisor:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93820F52-CCB6-4999-948D-3D2120622EFA"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:security_webadvisor:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8598A38-6CE3-4E06-A3AF-FB7CFFE32E60"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:cloud_av:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9555C8AA-3873-4377-9CE9-FDE9C3D72E08"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:security_scan_plus:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39058A15-0DFB-4B45-8F60-054D9E18F236"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References