← back
CVE-2019-3654

Client Proxy (MCP) - Authentication Bypass vulnerability

CVSS 5.3 MEDIUMEPSS 0.7%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Nov 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
Affected products
McAfee · Client Proxy (MCP)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10305