PT-2019-4395 · Microsoft+1 · Windows+1

Published: 2019-11-20 · Updated: 2020-08-24 · CVE-2019-3654

CVSS v3.1: 8.6 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: McAfee Client Proxy versions prior to 3.0.0

Description: The issue allows a local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time. This is achieved by generating an authorization key on the client, which should only be generated by the network administrator. The vulnerability is related to an authentication bypass in the Microsoft Windows client.

Recommendations: For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the authorization key generation mechanism to prevent unauthorized users from generating keys.

Fix

Improper Authentication

IDOR


Weakness Enumeration

Related Identifiers

BDU:2020-00117
CVE-2019-3654

Affected Products

McAfee Client Proxy
Windows