CVE-2019-3582 - OpenCVE

Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Complete

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:C/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Endpoint Security

Configuration 1 [-]

cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kc.mcafee.com/corporate/index?page=content&id=SB10254

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2019-02-28T16:00:00

Updated: 2024-08-04T19:12:09.374Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3582

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-02-28T15:29:00.327

Modified: 2023-11-07T03:09:54.720

Link: CVE-2019-3582

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee Endpoint Security (ENS)", "vendor": "McAfee, LLC", "versions": [{"lessThan": "10.5.3 Hotfix 1240838", "status": "affected", "version": "10.5.3", "versionType": "custom"}, {"lessThan": "10.5.4 Hotfix 1240838", "status": "affected", "version": "10.5.4", "versionType": "custom"}, {"lessThan": "10.5.5 Nov 2018 update", "status": "affected", "version": "10.5.5", "versionType": "custom"}, {"lessThan": "10.6.1 Nov 2018 update", "status": "affected", "version": "10.6.1", "versionType": "custom"}]}], "datePublic": "2019-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-28T15:57:01", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10254"}], "source": {"discovery": "EXTERNAL"}, "title": "McAfee Endpoint Security updates fix a privilege escalation vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2019-3582", "STATE": "PUBLIC", "TITLE": "McAfee Endpoint Security updates fix a privilege escalation vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Endpoint Security (ENS)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "10.5.3", "version_value": "10.5.3 Hotfix 1240838"}, {"affected": "<", "version_affected": "<", "version_name": "10.5.4", "version_value": "10.5.4 Hotfix 1240838"}, {"affected": "<", "version_affected": "<", "version_name": "10.5.5", "version_value": "10.5.5 Nov 2018 update"}, {"affected": "<", "version_affected": "<", "version_name": "10.6.1", "version_value": "10.6.1 Nov 2018 update"}]}}]}, "vendor_name": "McAfee, LLC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10254", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10254"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:12:09.374Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10254"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2019-3582", "datePublished": "2019-02-28T16:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:12:09.374Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7CBB43C-C5D5-4D6B-AA3E-52FA5C3585A2", "versionEndIncluding": "10.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances."}, {"lang": "es", "value": "Una vulnerabilidad de escalado de privilegios en el cliente de Microsoft Windows en McAfee Endpoint Security (ENS), en versiones 10.6.1 y anteriores, permite a los usuarios locales ganar privilegios elevados gracias a unas circunstancias espec\u00edficas."}], "id": "CVE-2019-3582", "lastModified": "2023-11-07T03:09:54.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2019-02-28T15:29:00.327", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10254"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}