CVE-2019-3653
MEDIUMMcAfee Endpoint Security < 10.6.1 - Unauthorized Access to Security Configuration via Configuration Tool
Title source: llmDescription
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10299
Scores
CVSS v3
4.6
EPSS
0.0005
EPSS Percentile
15.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
Details
CWE
CWE-284
Status
published
Products (2)
mcafee/endpoint_security
10.16.1
mcafee/endpoint_security
10.5.0 - 10.5.5
Published
Oct 09, 2019
Tracked Since
Feb 18, 2026