CVE-2019-3636 - Vulnerability Details - OpenCVE

A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00063.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Total Protection
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-13271	A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2019-10-28T14:23:25.909754Z

Updated: 2024-09-17T02:57:42.466Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3636

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-10-28T15:15:21.490

Modified: 2024-11-21T04:42:16.497

Link: CVE-2019-3636

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee Total Protection", "vendor": "McAfee, LCC", "versions": [{"lessThan": "16.0.R22", "status": "affected", "version": "16", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "File Masquerade Vulneraiblity", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-28T14:23:25", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}], "source": {"discovery": "UNKNOWN"}, "title": "File masquerade attack vulnerability in McAfee Total Protection", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "", "ID": "CVE-2019-3636", "STATE": "PUBLIC", "TITLE": "File masquerade attack vulnerability in McAfee Total Protection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Total Protection", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "16", "version_value": "16.0.R22"}]}}]}, "vendor_name": "McAfee, LCC"}]}}, "configuration": [], "credit": [], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "File Masquerade Vulneraiblity"}]}]}, "references": {"reference_data": [{"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982", "refsource": "CONFIRM", "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "UNKNOWN"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:12:09.664Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2019-3636", "datePublished": "2019-10-28T14:23:25.909754Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:57:42.466Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "8369800C-EC3C-4158-975B-747918E602B9", "versionEndIncluding": "16.0.r21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected."}, {"lang": "es", "value": "Una vulnerabilidad de Enmascaramiento de Archivos en McAfee Total Protection (MTP) versi\u00f3n 16.0.R21 y anteriores, en el cliente de Windows permiti\u00f3 a un atacante leer la lista de texto plano de los archivos de exclusi\u00f3n de AV-Scan desde el registro de Windows, y posiblemente reemplazar los archivos excluidos con un malware potencial sin ser detectado."}], "id": "CVE-2019-3636", "lastModified": "2024-11-21T04:42:16.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-28T15:15:21.490", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}