McAfee VirusScan Enterprise < 8.8 Patch 7 Protected Resource Access Bypass (SB10151)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The antivirus application installed on the remote Windows host is
affected by a security mechanism bypass vulnerability.

Description :

The version of McAfee VirusScan Enterprise (VSE) installed on the
remote Windows host is prior to 8.8 Patch 7. It is, therefore,
affected by a flaw in its self-protection mechanism when applying
rules to access settings, which are used to determine what
applications and associated actions can be trusted. An attacker with
Windows administrative privileges can exploit this flaw to control
the trust settings and bypass access restrictions, allowing protected
McAfee applications, including VSE, to be disabled or uninstalled.

Note that the attacker does not need to possess the management
password to exploit this vulnerability.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10151

Solution :

Upgrade to McAfee VirusScan Enterprise version 8.8 Patch 7.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 2.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 89940 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now