CVE-2019-3613

CWE-4274 documents4 sources

Severity

7.3HIGH

EPSS

0.0%

top 89.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee, LLC Mcafee Agent (ma)Mcafee Agent

Timeline

PublishedJun 10

Latest updateMay 24

Description

DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

▶NVDmcafee/agent5.0.0 — 5.0.6+2

▶CVEListV5mcafee,_llc/mcafee_agent_(ma)5.6.x — 5.6.4

🔴Vulnerability Details

GHSA

GHSA-vq3h-jh9h-239h: DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5↗2022-05-24

▶

CVEList

DLL search order hijacking in MA↗2020-06-10

▶

💬Community

Bugzilla

CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users↗2018-10-22

▶