CVE-2016-3984
Summary
| CVE | CVE-2016-3984 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-04-08 15:59:10 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. |
Risk And Classification
Primary CVSS: v3.0 5.1 MEDIUM from [email protected]
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Problem Types: CWE-284 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 5.1 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
| 2.0 | [email protected] | Primary | 3.6 | AV:L/AC:L/Au:N/C:N/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
HighUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
LowAvailability
HighCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
PartialAV:L/AC:L/Au:N/C:N/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Active Response | All | All | All | All |
| Application | Mcafee | Agent | All | All | All | All |
| Application | Mcafee | Data Exchange Layer | All | All | All | All |
| Application | Mcafee | Data Loss Prevention Endpoint | All | p5 | All | All |
| Application | Mcafee | Data Loss Prevention Endpoint | All | p1_hf2 | All | All |
| Application | Mcafee | Endpoint Security | All | All | All | All |
| Application | Mcafee | Host Intrusion Prevention | All | p6 | All | All |
| Application | Mcafee | Virusscan Enterprise | All | p6 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| lab.mediaservice.net/advisory/2016-01-mcafee.txt | af854a3a-2127-422b-91ae-364da2661108 | lab.mediaservice.net | Exploit |
| Full Disclosure: McAfee VirusScan Enterprise security restrictions bypass | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass - Windows local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit |
| McAfee VirusScan Enterprise Access Control Flaw Lets Local Users Bypass Self-Protection Security Restrictions - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| McAfee KnowledgeBase - Intel Security - Security Bulletin: Protected resource access bypass vulnerability resolved in multiple McAfee endpoint products for Microsoft Windows | af854a3a-2127-422b-91ae-364da2661108 | kc.mcafee.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.