Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4534

CWE-2644 documents4 sources

Severity

3.0LOW

EPSS

2.4%

top 14.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee Virusscan Enterprise

Timeline

PublishedMay 5

Latest updateMay 17

Description

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:LExploitability: 0.5 | Impact: 2.5

Affected Packages1 packages

▶NVDmcafee/virusscan_enterprise8.8.0

Patches

Patch: kc.mcafee.com ↗Patch: kc.mcafee.com ↗

🔴Vulnerability Details

GHSA

GHSA-h9qj-3623-mvm2: The McAfee VirusScan Console (mcconsol↗2022-05-17

▶

CVEList

CVE-2016-4534: The McAfee VirusScan Console (mcconsol↗2016-05-05

▶

💥Exploits & PoCs

Exploit-DB

McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass↗2016-03-07

▶