CVE-2019-3654: Client Proxy (MCP) - Authentication Bypass vulnerability
First published: Fri Nov 22 2019(Updated: )
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Client Proxy | <3.0.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-3654?
The severity of CVE-2019-3654 is considered to be medium as it allows local users to bypass important security measures.
How do I fix CVE-2019-3654?
To fix CVE-2019-3654, upgrade McAfee Client Proxy to version 3.0.0 or later.
Who is affected by CVE-2019-3654?
CVE-2019-3654 affects users of McAfee Client Proxy versions prior to 3.0.0 running on Microsoft Windows.
What type of vulnerability is CVE-2019-3654?
CVE-2019-3654 is classified as an authentication bypass vulnerability.
What could an attacker accomplish with CVE-2019-3654?
An attacker exploiting CVE-2019-3654 could temporarily access blocked websites by generating an authorization key.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/mcafee
- canonical/mcafee client proxy
- vendor/microsoft
- canonical/microsoft windows