CVE-2019-3585

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 88.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee, LLC Mcafee Virusscan Enterprise (vse)Mcafee Virusscan Enterprise
Timeline
PublishedJun 10
Latest updateMay 24

Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee,_llc/mcafee_virusscan_enterprise_(vse)8.8.x8.8 Patch 14

🔴Vulnerability Details

2
GHSA
GHSA-rjpq-h7r3-66pw: Privilege Escalation vulnerability in Microsoft Windows client (McTray2022-05-24
CVEList
VSE Escalation of Privileges through Alert pop-up window2020-06-10

💬Community

1
Bugzilla
CVE-2019-1000029 mumble: dos due to changing number of allowed users in root channel2019-02-20
CVE-2019-3585 (HIGH CVSS 7.8) | Privilege Escalation vulnerability | cvebase.io