CVE-2019-3654 MEDIUM

CVE-2019-3654: Client Proxy (MCP) - Authentication Bypass vulnerability

Vendor Mcafee
Product Client Proxy (MCP)
Published November 22, 2019
Last update August 4, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.

Key dates

02Disclosure timeline

November 22, 2019 CVE published
August 4, 2024 Record updated