CVE-2019-3585 HIGH

CVE-2019-3585: VSE Escalation of Privileges through Alert pop-up window

Vendor Mcafee, Llc

Product McAfee VirusScan Enterprise (VSE)

Weakness CWE-269

Published June 10, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.

Key dates

02Disclosure timeline

June 10, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3585 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2019-3585

CWE CWE-269

CVSS 7.0 / HIGH

Affected versions