CVE-2019-3654
MEDIUMMcAfee Client Proxy < 3.0.0 - Authentication Bypass via Client-Side Authorization Key Generation
Title source: llmDescription
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://kc.mcafee.com/corporate/index?page=content&id=SB10305
Scores
CVSS v3
5.3
EPSS
0.0009
EPSS Percentile
24.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
Details
CWE
CWE-287
Status
published
Products (1)
mcafee/client_proxy
< 3.0.0
Published
Nov 22, 2019
Tracked Since
Feb 18, 2026