CVE-2019-3654

Name of the Vulnerable Software and Affected Versions McAfee Client Proxy versions prior to 3.0.0

Description The issue allows a local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time. This is achieved by generating an authorization key on the client, which should only be generated by the network administrator. The vulnerability is related to an authentication bypass in the Microsoft Windows client.

Recommendations For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the authorization key generation mechanism to prevent unauthorized users from generating keys.