{"api_version":"1","generated_at":"2026-04-22T20:52:26+00:00","cve":"CVE-2016-3984","urls":{"html":"https://cve.report/CVE-2016-3984","api":"https://cve.report/api/cve/CVE-2016-3984.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-3984","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-3984"},"summary":{"title":"CVE-2016-3984","description":"The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2016-04-08 15:59:00","updated_at":"2016-05-18 21:28:00"},"problem_types":["CWE-284"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1035130","name":"1035130","refsource":"SECTRACK","tags":[],"title":"McAfee VirusScan Enterprise Access Control Flaw Lets Local Users Bypass Self-Protection Security Restrictions - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lab.mediaservice.net/advisory/2016-01-mcafee.txt","name":"http://lab.mediaservice.net/advisory/2016-01-mcafee.txt","refsource":"MISC","tags":["Exploit"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/39531/","name":"39531","refsource":"EXPLOIT-DB","tags":["Exploit"],"title":"McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass - Windows local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2016/Mar/13","name":"20160304 McAfee VirusScan Enterprise security restrictions bypass","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: McAfee VirusScan Enterprise security restrictions bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10151","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10151","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"McAfee KnowledgeBase - Intel Security - Security Bulletin: Protected resource access bypass vulnerability resolved in multiple McAfee endpoint products for Microsoft Windows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-3984","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3984","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"1.1.0.158","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"active_response","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"5.0.2.285","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"agent","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"2.0.0.430.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"data_exchange_layer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"9.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"data_loss_prevention_endpoint","cpe6":"*","cpe7":"p5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"9.4.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"data_loss_prevention_endpoint","cpe6":"*","cpe7":"p1_hf2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"10.0.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"endpoint_security","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"8.0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"host_intrusion_prevention","cpe6":"*","cpe7":"p6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3984","vulnerable":"1","versionEndIncluding":"8.8.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"virusscan_enterprise","cpe6":"*","cpe7":"p6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-3984","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20160304 McAfee VirusScan Enterprise security restrictions bypass","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2016/Mar/13"},{"name":"http://lab.mediaservice.net/advisory/2016-01-mcafee.txt","refsource":"MISC","url":"http://lab.mediaservice.net/advisory/2016-01-mcafee.txt"},{"name":"39531","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/39531/"},{"name":"1035130","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1035130"},{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10151","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10151"}]}},"nvd":{"publishedDate":"2016-04-08 15:59:00","lastModifiedDate":"2016-05-18 21:28:00","problem_types":["CWE-284"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH","baseScore":5.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":4.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:p1_hf2:*:*:*:*:*:*","versionEndIncluding":"9.4.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*","versionEndIncluding":"5.0.2.285","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:virusscan_enterprise:*:p6:*:*:*:*:*:*","versionEndIncluding":"8.8.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:host_intrusion_prevention:*:p6:*:*:*:*:*:*","versionEndIncluding":"8.0.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:p5:*:*:*:*:*:*","versionEndIncluding":"9.3.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:active_response:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.0.158","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.0.430.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"3984","Ordinal":"89869","Title":"CVE-2016-3984","CVE":"CVE-2016-3984","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"3984","Ordinal":"1","NoteData":"The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"3984","Ordinal":"2","NoteData":"2016-04-08","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"3984","Ordinal":"3","NoteData":"2016-04-14","Type":"Other","Title":"Modified"}]}}}