CVE-2017-4028

Published Apr 3, 2018

Last updated a year ago

CVSS medium 4.4

Overview

Description: Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
Source: trellixpsirt@trellix.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 4.4
Impact score: 3.6
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-74

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:anti-virus_plus:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F3320DA-317A-4668-8CB7-B253CF4E26BB"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:endpoint_security:10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDA3764B-02A5-4CB8-A2CF-BDEC69A3F1F4"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B258695-3C79-4EF0-9F57-96867BBCE2B9",
            "versionEndIncluding": "8.0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "551CDFD4-6CB5-478C-87BD-E8FCA2564452"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C8C36BD-4C81-43A2-A1B0-FD6FC43D7077"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7507AF42-7435-408F-8D13-12AEB6BD2D88"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DF5032E-F91D-48D8-AAEE-35784BD87778"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22BBD8D0-3D09-4A0C-AF5F-5655329D01E3"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "143B1FC1-CD35-411F-B67F-4879DCE4531F"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31C16E08-FFB3-426E-9A9F-D496A50F10BB"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E096860A-4AA2-4A3F-8B45-998E6E48F175"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D6F788-8D23-44D8-AFAF-780F45885341"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:internet_security:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B53E987-4329-4FA9-AC94-0286D64B7E88"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:total_protection:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "251D56EC-7153-451F-A558-92E0F5BFACEE"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virus_scan_enterprise:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EF52F97-EC0A-4CE9-A62B-4881210CA186",
            "versionEndIncluding": "8.8"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virus_scan_enterprise:8.8:patch_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E4B5233-94A6-4E3E-B13B-08C6633BDCF7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References