CVE-2019-3648

low-risk

Published 2019-11-13

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

LOCAL / HIGH complexity

Affected Products (3)

Anti-Virus Plus

Internet Security

Total Protection

Affected Vendors

Mcafee

References (4)

https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-...

https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS1029...

https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-...

https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS1029...

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 9/34 · Low