CVE-2016-3984
First published: Fri Apr 08 2016(Updated: )
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Active Response | <=1.1.0.158 | |
| McAfee Agent | <=5.0.2.285 | |
| McAfee Data eXchange Layer | <=2.0.0.430.1 | |
| McAfee Data Loss Prevention Endpoint | <=9.3.0 | |
| McAfee Data Loss Prevention Endpoint | <=9.4.0 | |
| McAfee Endpoint Security | <=10.0.1 | |
| McAfee Host Intrusion Prevention | <=8.0.0 | |
| McAfee VirusScan Enterprise | <=8.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3984?
CVE-2016-3984 has a medium severity rating and could allow an attacker to perform unauthorized actions.
How do I fix CVE-2016-3984?
To fix CVE-2016-3984, update McAfee Active Response to version 1.1.0.161 or later, or apply the necessary patches for the affected software versions.
What products are affected by CVE-2016-3984?
CVE-2016-3984 affects several McAfee products including Active Response, Agent, Data Exchange Layer, Data Loss Prevention Endpoint, Endpoint Security, Host Intrusion Prevention, and VirusScan Enterprise.
What are the versions vulnerable to CVE-2016-3984?
Versions prior to Active Response 1.1.0.161, McAfee Agent 5.0.2 Hotfix 1110392, Data Exchange Layer 2.0.1.140.1, and various versions of Data Loss Prevention Endpoint are vulnerable to CVE-2016-3984.
Is there a workaround for CVE-2016-3984?
There is no official workaround for CVE-2016-3984; updating to a patched version is the recommended solution.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/mcafee
- canonical/mcafee active response
- version/mcafee active response/1.1.0.158
- canonical/mcafee agent
- version/mcafee agent/5.0.2.285
- canonical/mcafee data exchange layer
- version/mcafee data exchange layer/2.0.0.430.1
- canonical/mcafee data loss prevention endpoint
- version/mcafee data loss prevention endpoint/9.3.0
- version/mcafee data loss prevention endpoint/9.4.0
- canonical/mcafee endpoint security
- version/mcafee endpoint security/10.0.1
- canonical/mcafee host intrusion prevention
- version/mcafee host intrusion prevention/8.0.0
- canonical/mcafee virusscan enterprise
- version/mcafee virusscan enterprise/8.8.0