CVE-2019-3586

HIGH

McAfee Endpoint Security (ENS) <10.6.1 - Privilege Escalation

Title source: llm

Description

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.

References (2)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10280

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108416

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H

Classification

CWE

CWE-693

Status published

Affected Products (2)

mcafee/endpoint_security < 10.6.1

mcafee/endpoint_security

Timeline

Published May 15, 2019

Tracked Since Feb 18, 2026