Anti Virus Plus
CVE-2019-3648
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
AnalysisAI
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-426. A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. Affected products include: Mcafee Anti-Virus Plus, Mcafee Internet Security, Mcafee Total Protection.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Anti Virus Plus
View allMax Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Rated high severity (CVSS
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. Rated medium severity (CVSS 5.5), this vulnerability i
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. Rated medium severity (CVSS 5.5), this vulnerability i
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. Rated medium severity (CVSS 5.5), this vulnerability i
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Rated medium severity (CVSS
Same weakness CWE-426 – Untrusted Search Path
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today