CVE-2019-3588 MEDIUM

CVE-2019-3588: Using VSE to bypass Windows Credentials on Lock screen

Vendor Mcafee, Llc
Product McAfee VirusScan Enterprise (VSE)
Weakness CWE-269
Published June 10, 2020
Last update September 16, 2024

CVSS base score

6.3/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

Key dates

02Disclosure timeline

June 10, 2020 CVE published
September 16, 2024 Record updated