CVE-2019-3653 MEDIUM

CVE-2019-3653: ESConfig Tool access not controlled

Vendor Mcafee, Llc

Product McAfee Endpoint Security (ENS)

Weakness CWE-284

Published October 9, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.

Key dates

02Disclosure timeline

October 9, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3653 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2019-3653

CWE CWE-284

CVSS 4.6 / MEDIUM

Affected versions

Vendor Mcafee, Llc

Product McAfee Endpoint Security (ENS)

Affected ≥ 10.6.x and < 10.6.1

Vendor Mcafee, Llc

Product McAfee Endpoint Security (ENS)

Affected ≥ 10.5.x and < 10.5.5

CVE-2019-3653: ESConfig Tool access not controlled

01Description

02Disclosure timeline

03References

04Related CVE