Summary
| Detail | |||
|---|---|---|---|
| Vendor | Mcafee | First view | 2017-03-14 |
| Product | Security Scan Plus | Last view | 2022-08-18 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:mcafee:security_scan_plus:-:*:*:*:*:*:*:* | 7 |
| cpe:2.3:a:mcafee:security_scan_plus:3.11.376:*:*:*:*:*:*:* | 4 |
| cpe:2.3:a:mcafee:security_scan_plus:*:*:*:*:*:*:*:* | 4 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2022-08-18 | CVE-2022-37025 | An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file. |
| 9.8 | 2017-09-01 | CVE-2017-3897 | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. |
| 7.8 | 2017-03-14 | CVE-2016-8026 | Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. |
| 8.8 | 2017-03-14 | CVE-2016-8008 | Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. |
| 7 | 2017-03-14 | CVE-2015-8993 | Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
| 7 | 2017-03-14 | CVE-2015-8992 | Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
| 7 | 2017-03-14 | CVE-2015-8991 | Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 71% (5) | CWE-264 | Permissions, Privileges, and Access Controls |
| 14% (1) | CWE-269 | Improper Privilege Management |
| 14% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-09-28 | Name: The security application installed on the remote Windows host is affected by ... File: mcafee_ssp_3_11_599_3.nasl - Type: ACT_GATHER_INFO |
| 2017-08-10 | Name: The security application installed on the remote Windows host is affected by ... File: mcafee_ssp_CVE-2017-3897.nasl - Type: ACT_GATHER_INFO |
| 2017-05-12 | Name: The security application installed on the remote Windows host is affected by ... File: mcafee_ssp_lce.nasl - Type: ACT_GATHER_INFO |
