CVE-2016-3984
McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
El McAfee VirusScan Console (mcconsol.exe) en McAfee Active Response (MAR) en versiones anteriores a 1.1.0.161, Agent (MA) 5.x en versiones anteriores a 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) en versiones anteriores a 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Device Control (MDC) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Endpoint Security (ENS) 10.x en versiones anteriores a 10.1, Host Intrusion Prevention Service (IPS) 8.0 en versiones anteriores a 8.0.0.3624 y VirusScan Enterprise (VSE) 8.8 en versiones anteriores a P7 (8.8.0.1528) en Windows permite a administradores locales eludir las reglas destinadas a la autoprotección y desactivar el motor del antivirus modificando claves de registro.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-04-08 CVE Reserved
- 2016-04-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2016/Mar/13 | Mailing List | |
http://www.securitytracker.com/id/1035130 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/39531 | 2024-08-06 | |
http://lab.mediaservice.net/advisory/2016-01-mcafee.txt | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10151 | 2016-05-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mcafee Search vendor "Mcafee" | Active Response Search vendor "Mcafee" for product "Active Response" | <= 1.1.0.158 Search vendor "Mcafee" for product "Active Response" and version " <= 1.1.0.158" | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Agent Search vendor "Mcafee" for product "Agent" | <= 5.0.2.285 Search vendor "Mcafee" for product "Agent" and version " <= 5.0.2.285" | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Data Exchange Layer Search vendor "Mcafee" for product "Data Exchange Layer" | <= 2.0.0.430.1 Search vendor "Mcafee" for product "Data Exchange Layer" and version " <= 2.0.0.430.1" | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Data Loss Prevention Endpoint Search vendor "Mcafee" for product "Data Loss Prevention Endpoint" | <= 9.3.0 Search vendor "Mcafee" for product "Data Loss Prevention Endpoint" and version " <= 9.3.0" | p5 |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Data Loss Prevention Endpoint Search vendor "Mcafee" for product "Data Loss Prevention Endpoint" | <= 9.4.0 Search vendor "Mcafee" for product "Data Loss Prevention Endpoint" and version " <= 9.4.0" | p1_hf2 |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | <= 10.0.1 Search vendor "Mcafee" for product "Endpoint Security" and version " <= 10.0.1" | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Host Intrusion Prevention Search vendor "Mcafee" for product "Host Intrusion Prevention" | <= 8.0.0 Search vendor "Mcafee" for product "Host Intrusion Prevention" and version " <= 8.0.0" | p6 |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Virusscan Enterprise Search vendor "Mcafee" for product "Virusscan Enterprise" | <= 8.8.0 Search vendor "Mcafee" for product "Virusscan Enterprise" and version " <= 8.8.0" | p6 |
Affected
|