FKIE_CVE-2019-3595

Vulnerability from fkie_nvd - Published: 2019-07-24 15:15 - Updated: 2024-11-21 04:42
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.
References
trellixpsirt@trellix.comhttp://www.securityfocus.com/bid/109377
trellixpsirt@trellix.comhttps://kc.mcafee.com/corporate/index?page=content&id=SB10289
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/109377
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10289
Impacted products
Vendor Product Version
mcafee data_loss_prevention_endpoint *
mcafee data_loss_prevention_endpoint *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6A5E1F-483B-419E-A879-0490507A2C3D",
              "versionEndExcluding": "11.1.200",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1871DB6-7FA4-493E-A2E7-11D58C99FADD",
              "versionEndExcluding": "11.3.0",
              "versionStartIncluding": "11.2.000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute."
    },
    {
      "lang": "es",
      "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando (\u0027Command Injection\u0027)  en la extensi\u00f3n ePO en McAfee Data Loss Prevention (DLP) 11.x antes de la versi\u00f3n 11.3.0 permite al administrador autenticado ejecutar c\u00f3digo arbitrario con sus privilegios de m\u00e1quina local a trav\u00e9s de una Pol\u00edtica de DLP especialmente dise\u00f1ada, que es exportada y abierta en su m\u00e1quina. En nuestras verificaciones, el usuario debe permitir expl\u00edcitamente que se ejecute el c\u00f3digo."
    }
  ],
  "id": "CVE-2019-3595",
  "lastModified": "2024-11-21T04:42:13.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.0,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 1.4,
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-24T15:15:12.180",
  "references": [
    {
      "source": "trellixpsirt@trellix.com",
      "url": "http://www.securityfocus.com/bid/109377"
    },
    {
      "source": "trellixpsirt@trellix.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/109377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10289"
    }
  ],
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "trellixpsirt@trellix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.