A vulnerability, which was classified as problematic, was found in McAfee MVision Endpoint 18.11.31.62. Affected is an unknown part. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. This is going to have an impact on integrity, and availability. CVE summarizes:

Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors.

The bug was discovered 01/22/2019. The weakness was shared 01/23/2019 (Website). The advisory is shared for download at kc.mcafee.com. This vulnerability is traded as CVE-2019-3584 since 01/03/2019. The exploitability is told to be easy. It is possible to launch the attack remotely. A authentication is necessary for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k.

Applying a patch is able to eliminate this problem.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 106789†).

Productinfo

Vendor

• McAfee

Name

• MVision Endpoint

Version

• 18.11.31.62

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion