Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0341
McAfee Security Bulletin - McAfee Client Proxy update fixes
Web Gateway bypass vulnerability (CVE-2019-3654)
22 November 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Client Proxy
Operating System: Windows
Impact/Access: Unauthorised Access -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-3654
Member content until: Sunday, December 22 2019
OVERVIEW
A vulnerability affecting McAfee Client Proxy has been resolved for
version 3.0.0 [1]
IMPACT
McAfee has provided the following information on the vulnerability.
"CVE-2019-3654
Authentication Bypass vulnerability in the Microsoft Windows client
in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to
bypass scanning of web traffic and gain access to blocked sites for
a short period of time via generating an authorization key on the
client which should only be generated by the network administrator."[1]
MITIGATION
McAfee advises updating to McAfee Client Proxy 3.0 to address this
vulnerability.
REFERENCES
[1] McAfee Security Bulletin - McAfee Client Proxy update fixes Web
Gateway bypass vulnerability (CVE-2019-3654)
https://kc.mcafee.com/corporate/index?page=content&id=SB10305
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXddKimaOgq3Tt24GAQjudRAAsrJZpWtu7f+9XYg/l8bmgNg/NZkzIIjI
mDZfsQ3/RWfAIeX2bwwXERuCV+ARyq8SR8qX/Z19PFP39Hi88WL9HMhrPB1iQQBi
zw2jZboi+YCqegBy+H5jqInqvyS2BtGqKglRVzOq5/YMyp2hgISLc+hBpJdkU72x
wcI7wJcc2CsohrxY1eb3ObNAz4TousynzpoC8Tdfgypqe0LNHh0w6mSKEjveazVm
KBj4L9CjhmPs5dTrhiiO7Jql80vCMWHGCC9q/wwa7IIIT/52+Prsqm9+vGT4ALL/
5JUxvaACGTa4lPmL9PD15SphDoQ4jSgbAI4oiP5a+/LSQCfaCT65dd73gPdmOEV5
58CmEk+Hb1DnNNukAcjxM0/KpWCzhZzYihROOr8VxjnSLGzq2eYVG75ggjsuN7TE
QYFi7nYbtHhdQYYxeie7zjfTsxqrHuvRaflFGxSXkHzUedmoGpaM37o0FHWftP29
RAkBzFEa3CcOtPDHIxAYzbJ9XfTlmggDpxGnVf90B8SGPdTWr5HNCIVqyoilGJBx
GvEMemJXfMYH2A8sQB4KVbkGsRamfQAPoIuSl9hyNf0dI2g0ySyc0xg/5jp9/DLy
oJVheYM+Baq/0Rglv2VlkuGPoyadC4JDrMAKPwB/Z5OUdi5xb31wuOFiVbvxKOoh
b1EtjhU54dg=
=iPL9
-----END PGP SIGNATURE-----