CVE-2019-3653Improper Access Control in LLC Mcafee Endpoint Security

CWE-284Improper Access Control3 documents3 sources
Severity
5.5MEDIUMNVD
CNA4.6
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Endpoint SecurityMcafee Endpoint Security
Timeline
PublishedOct 9
Latest updateMay 24

Description

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDmcafee/endpoint_security10.6.010.6.1+2
CVEListV5mcafee_llc/mcafee_endpoint_security10.6.x10.6.1+1

🔴Vulnerability Details

2
GHSA
GHSA-jcfm-vp6v-gw5w: Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 102022-05-24
CVEList
ESConfig Tool access not controlled2019-10-09
CVE-2019-3653 — Improper Access Control | cvebase