CVE-2017-4028

CWE-743 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 70.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Mcafee Mcafee Anti-virus Plus (avp)Mcafee Mcafee Endpoint Security (ens)Mcafee Mcafee Host Intrusion Prevention (host Ips)+6 more
Timeline
PublishedApr 3
Latest updateMay 13

Description

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:NExploitability: 0.6 | Impact: 4.0

Affected Packages9 packages

CVEListV5mcafee/mcafee_anti-virus_plus_(avp)17032929 Mar 2017
CVEListV5mcafee/mcafee_total_protection_(mtp)17032929 Mar 2017
CVEListV5mcafee/mcafee_endpoint_security_(ens)10.210.2 DAT V3 DAT 2932.0
CVEListV5mcafee/mcafee_internet_security_(mis)17032929 Mar 2017
CVEListV5mcafee/mcafee_virus_scan_enterprise_(vse)8.88.8 Patch 8/9 Hotfix 1187884

🔴Vulnerability Details

2
GHSA
GHSA-4v65-vf6x-vh24: Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator t2022-05-13
CVEList
SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability2018-04-03
CVE-2017-4028 (MEDIUM CVSS 4.4) | Maliciously misconfigured registry | cvebase.io