CVE-2019-3593
published 2019-01-28
CVE-2019-3593: Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass…
Priority P427 · high · 7.1 (CVSS 3.0)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS 0.35% (26.6th percentile)
Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | total_protection | < 16.0.r18 | 16.0.r18 |
| mcafee_llc | total_protection | >= unspecified < 16.0.R18 | 16.0.R18 |
CVSS provenance
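| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.1 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 5.6 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:P/A:C |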
No detection rules found.
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
exploitdb·2019-08-12·CVSS 9.8
CVE-2019-14931 [CRITICAL] Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
---
#!/usr/bin/python
# Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection
# Date: 29 June 2019
# Exploit Author: (@xerubus | mogozobo.com)
# Vendor Homepage: https://eu3a.mitsubishielectric.com/fa/en/products/cnt/plcccl/items/smartRTU/local
# Vendor Homepage: http://www.inea.si/en/telemetrija-in-m2m-produkti/mertu-en/
# Firmware Version: Mitsubishi Electric 2.02 & INEA 3.0
# CVE-ID: CVE-2019-14931
# Full write-up: https://www.mogozobo.com/?p=3593
import sys, os, requests, socket
os.system('clear')
print("""\
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -= Bind_Me-smartRTU by @xerubus =-
| D _]/\ \ -= We all have something to hide =-
\___/ / /\ \\
(_ )( _)
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
exploitdb·2019-08-12·CVSS 7.5
CVE-2019-14927 [HIGH] Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
---
#!/usr/bin/python
# Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated Configuration Download
# Date: 29 June 2019
# Exploit Author: (@xerubus | mogozobo.com)
# Vendor Homepage: https://eu3a.mitsubishielectric.com/fa/en/products/cnt/plcccl/items/smartRTU/local
# Vendor Homepage: http://www.inea.si/en/telemetrija-in-m2m-produkti/mertu-en/
# Firmware Version: Mitsubishi Electric 2.02 & INEA 3.0
# CVE-ID: CVE-2019-14927
# Full write-up: https://www.mogozobo.com/?p=3593
import sys, os, requests, socket
os.system('clear')
print("""\
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -= Conf_Me-smartRTU by @xerubus =-
| D _]/\ \ -= We all have something to hide =-
\___/ / /\ \\
(_ )( _)
@Xerub
No writeups or analysis indexed.
2019-01-28
Published