← back
CVE-2019-3585

VSE Escalation of Privileges through Alert pop-up window

CVSS 7 HIGHEPSS 0.3%CWE-269
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Jun 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
McAfee, LLC · McAfee VirusScan Enterprise (VSE)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10302