CVE-2019-3636 - OpenCVE

A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Mcafee	Total Protection

Configuration 1 [-]

AND

cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trellix

Published: 2019-10-28T14:23:25

Updated: 2019-10-28T14:23:25

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3636

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-28T15:15:21.490

Modified: 2023-11-07T03:10:04.590

Link: CVE-2019-3636

JSON object: View

Redhat Information

No data.

CWE

CWE-312

{"containers": {"cna": {"affected": [{"product": "McAfee Total Protection", "vendor": "McAfee, LCC", "versions": [{"lessThan": "16.0.R22", "status": "affected", "version": "16", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "File Masquerade Vulneraiblity", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-28T14:23:25", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}], "source": {"discovery": "UNKNOWN"}, "title": "File masquerade attack vulnerability in McAfee Total Protection", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "", "ID": "CVE-2019-3636", "STATE": "PUBLIC", "TITLE": "File masquerade attack vulnerability in McAfee Total Protection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Total Protection", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "16", "version_value": "16.0.R22"}]}}]}, "vendor_name": "McAfee, LCC"}]}}, "configuration": [], "credit": [], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "File Masquerade Vulneraiblity"}]}]}, "references": {"reference_data": [{"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982", "refsource": "CONFIRM", "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "UNKNOWN"}, "work_around": []}}}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2019-3636", "datePublished": "2019-10-28T14:23:25", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2019-10-28T14:23:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:total_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "8369800C-EC3C-4158-975B-747918E602B9", "versionEndIncluding": "16.0.r21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected."}, {"lang": "es", "value": "Una vulnerabilidad de Enmascaramiento de Archivos en McAfee Total Protection (MTP) versi\u00f3n 16.0.R21 y anteriores, en el cliente de Windows permiti\u00f3 a un atacante leer la lista de texto plano de los archivos de exclusi\u00f3n de AV-Scan desde el registro de Windows, y posiblemente reemplazar los archivos excluidos con un malware potencial sin ser detectado."}], "id": "CVE-2019-3636", "lastModified": "2023-11-07T03:10:04.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2019-10-28T15:15:21.490", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}