Vulnerability Details : CVE-2019-3648
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
Vulnerability category: File inclusion, Execute code, Gain privilege
Products affected by CVE-2019-3648
- cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:anti-virus_plus:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:internet_security:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3648
- 0.04%: Probability of exploitation activity in the next 30 days
- ~11%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3648
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | NIST | |
6.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L | 0.8 | 4.7 | McAfee (DEFUNCT) | |
CWE ids for CVE-2019-3648
- The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-3648
- https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
  McAfee - All Editions (MTP, AVP, MIS) - Self-Defense Bypass and Potential Usages (CVE-2019-3648)
  Exploit; Third Party Advisory
- https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984
  McAfee KB - McAfee Security Bulletin - McAfee Total Protection, McAfee Anti-Virus Plus, and McAfee Internet Security version 16.0.R22 Refresh 1 fixes a privilege escalation vulnerability (CVE-2019-364
  Vendor Advisory