CVE-2019-3610

Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/107217
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:09

Type	Values Removed	Values Added
References	~~(CONFIRM) https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889 - Patch, Vendor Advisory~~	() https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889 -
References	~~(BID) http://www.securityfocus.com/bid/107217 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/107217 -

Information

Published : 2019-02-13 17:29

Updated : 2023-12-10 12:44

NVD link : CVE-2019-3610

Mitre link : CVE-2019-3610

CVE.ORG link : CVE-2019-3610

JSON object : View

Products Affected

mcafee

true_key

microsoft

windows

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2019-3610", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.1}]}, "published": "2019-02-13T17:29:00.193", "references": [{"url": "http://www.securityfocus.com/bid/107217", "source": "trellixpsirt@trellix.com"}, {"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889", "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."}, {"lang": "es", "value": "Vulnerabilidad de filtrado de datos en el cliente de Microsoft Windows en McAfee True Key (TK), en versiones 3.1.9211.0 y anteriores, permite que los usuarios locales expongan datos confidenciales mediante malware especialmente manipulado."}], "lastModified": "2023-11-07T03:09:59.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF77FE81-F4CE-42A2-A762-C5EACB8E441F", "versionEndIncluding": "3.1.9211.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "trellixpsirt@trellix.com"}