First published: Wed Oct 09 2019(Updated: )
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Endpoint Security | >=10.5.0<=10.5.5 | |
Mcafee Endpoint Security | >=10.6.0<10.6.1 | |
Mcafee Endpoint Security | =10.16.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3653 is an improper access control vulnerability in the Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update.
CVE-2019-3653 allows a local user to gain access to security configuration by unauthorized use of the configuration tool.
McAfee Endpoint Security versions prior to 10.6.1 October 2019 Update and 10.16.1 are affected by CVE-2019-3653.
CVE-2019-3653 has a severity rating of 5.5 (Medium).
To fix CVE-2019-3653, users should update to McAfee Endpoint Security version 10.6.1 October 2019 Update or later.