CVE-2019-3586

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.1 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10280	Vendor Advisory
http://www.securityfocus.com/bid/108416	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:endpoint_security:10.6.1:201905::::::
	cpe:2.3:a:mcafee:endpoint_security::::::::

Information

Published : 2019-05-15 09:29

Updated : 2020-10-16 09:12

NVD link : CVE-2019-3586

Mitre link : CVE-2019-3586

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

mcafee

endpoint_security

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10280", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10280", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/108416", "name": "108416", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-3586", "ASSIGNER": "psirt@mcafee.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.6}}, "publishedDate": "2019-05-15T16:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mcafee:endpoint_security:10.6.1:201905:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.6.1", "versionStartIncluding": "10.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-10-16T16:12Z"}