CVE-2019-3588

CWE-269Improper Privilege Management3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 86.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee, LLC Mcafee Virusscan Enterprise (vse)Mcafee Virusscan Enterprise
Timeline
PublishedJun 10
Latest updateMay 24

Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 0.4 | Impact: 5.9

Affected Packages2 packages

CVEListV5mcafee,_llc/mcafee_virusscan_enterprise_(vse)8.8.x8.8 Patch 14

🔴Vulnerability Details

2
GHSA
GHSA-f5w2-gp3c-5m5p: Privilege Escalation vulnerability in Microsoft Windows client (McTray2022-05-24
CVEList
Using VSE to bypass Windows Credentials on Lock screen2020-06-10
CVE-2019-3588 (MEDIUM CVSS 6.8) | Privilege Escalation vulnerability | cvebase.io