CVE-2019-3588

Published Jun 10, 2020

Last updated a year ago

CVSS medium 6.8

Overview

Description: Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.
Source: trellixpsirt@trellix.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-269
trellixpsirt@trellix.com: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:-:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0280F82-EC6B-4F5B-A495-DD9CEED6A20D"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F4B2B4-93EF-4BF2-A949-4EABB6E2D5CD"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch10:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8915A4A0-A6A8-433C-9E03-2FE2023E576D"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch11:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12630925-6631-40DB-84EF-35BFE6EFB4F7"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch12:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EB533F2-0631-4C2C-885A-C132EC937164"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch13:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D17EC9A7-A383-4B3E-A292-73CD33E60134"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1204EDA4-8C76-45D1-894A-CBD042A1C533"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch3:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB3F4704-7A78-4223-98A6-EAE027553732"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch4:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0545B55-45D8-440D-A120-F0ED7337CF06"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch5:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CDA7115-7071-42BC-99AA-FD01A5CB6D37"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch6:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54AC8CF5-30D5-4FF8-83C8-70FF9E16FE00"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch7:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D98604B-B10B-473A-A219-BF6208779912"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch8:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "923A8D73-6FAB-4826-B6BD-6D006E46C7BE"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:8.8:patch9:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1846CE6C-EDAE-4F88-8CC3-2C48506595F7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References