CVE-2019-3648
MEDIUMMcAfee Total Protection < 16.0.R22 - Privilege Escalation via Untrusted Search Path
Title source: llmDescription
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984
Various Sources x_refsource_misc
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
Scores
CVSS v3
6.1
EPSS
0.0017
EPSS Percentile
37.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
Details
CWE
CWE-426
Status
published
Products (3)
mcafee/anti-virus_plus
< 16.0.r22
mcafee/internet_security
< 16.0.r22
mcafee/total_protection
< 16.0r22
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026