Vulnerability Description
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Active Response | <= 1.1.0.158 |
| Mcafee | Agent | <= 5.0.2.285 |
| Mcafee | Data Exchange Layer | <= 2.0.0.430.1 |
| Mcafee | Data Loss Prevention Endpoint | <= 9.3.0 |
| Mcafee | Endpoint Security | <= 10.0.1 |
| Mcafee | Host Intrusion Prevention | <= 8.0.0 |
| Mcafee | Virusscan Enterprise | <= 8.8.0 |
Related Weaknesses (CWE)
References
- http://lab.mediaservice.net/advisory/2016-01-mcafee.txtExploit
- http://seclists.org/fulldisclosure/2016/Mar/13
- http://www.securitytracker.com/id/1035130
- https://kc.mcafee.com/corporate/index?page=content&id=SB10151Vendor Advisory
- https://www.exploit-db.com/exploits/39531/Exploit
- http://lab.mediaservice.net/advisory/2016-01-mcafee.txtExploit
- http://seclists.org/fulldisclosure/2016/Mar/13
- http://www.securitytracker.com/id/1035130
- https://kc.mcafee.com/corporate/index?page=content&id=SB10151Vendor Advisory
- https://www.exploit-db.com/exploits/39531/Exploit
FAQ
What is CVE-2016-3984?
CVE-2016-3984 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, ...
How severe is CVE-2016-3984?
CVE-2016-3984 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3984?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Active Response, Mcafee Agent, Mcafee Data Exchange Layer, Mcafee Data Loss Prevention Endpoint, Mcafee Endpoint Security.