Using VSE to bypass Windows Credentials on Lock screen
CVE-2019-3588
6.3MEDIUM
Key Information:
- Vendor
- Mcafee, Llc
- Status
- Mcafee Virusscan Enterprise (vse)
- Vendor
- CVE Published:
- 10 June 2020
Summary
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.
Affected Version(s)
McAfee VirusScan Enterprise (VSE) 8.8.x < 8.8 Patch 14
References
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
McAfee credits Lockheed Martin Red Team for reporting this bug