Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0341 McAfee Security Bulletin - McAfee Client Proxy update fixes Web Gateway bypass vulnerability (CVE-2019-3654) 22 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Client Proxy Operating System: Windows Impact/Access: Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-3654 Member content until: Sunday, December 22 2019 OVERVIEW A vulnerability affecting McAfee Client Proxy has been resolved for version 3.0.0 [1] IMPACT McAfee has provided the following information on the vulnerability. "CVE-2019-3654 Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator."[1] MITIGATION McAfee advises updating to McAfee Client Proxy 3.0 to address this vulnerability. REFERENCES [1] McAfee Security Bulletin - McAfee Client Proxy update fixes Web Gateway bypass vulnerability (CVE-2019-3654) https://kc.mcafee.com/corporate/index?page=content&id=SB10305 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXddKimaOgq3Tt24GAQjudRAAsrJZpWtu7f+9XYg/l8bmgNg/NZkzIIjI mDZfsQ3/RWfAIeX2bwwXERuCV+ARyq8SR8qX/Z19PFP39Hi88WL9HMhrPB1iQQBi zw2jZboi+YCqegBy+H5jqInqvyS2BtGqKglRVzOq5/YMyp2hgISLc+hBpJdkU72x wcI7wJcc2CsohrxY1eb3ObNAz4TousynzpoC8Tdfgypqe0LNHh0w6mSKEjveazVm KBj4L9CjhmPs5dTrhiiO7Jql80vCMWHGCC9q/wwa7IIIT/52+Prsqm9+vGT4ALL/ 5JUxvaACGTa4lPmL9PD15SphDoQ4jSgbAI4oiP5a+/LSQCfaCT65dd73gPdmOEV5 58CmEk+Hb1DnNNukAcjxM0/KpWCzhZzYihROOr8VxjnSLGzq2eYVG75ggjsuN7TE QYFi7nYbtHhdQYYxeie7zjfTsxqrHuvRaflFGxSXkHzUedmoGpaM37o0FHWftP29 RAkBzFEa3CcOtPDHIxAYzbJ9XfTlmggDpxGnVf90B8SGPdTWr5HNCIVqyoilGJBx GvEMemJXfMYH2A8sQB4KVbkGsRamfQAPoIuSl9hyNf0dI2g0ySyc0xg/5jp9/DLy oJVheYM+Baq/0Rglv2VlkuGPoyadC4JDrMAKPwB/Z5OUdi5xb31wuOFiVbvxKOoh b1EtjhU54dg= =iPL9 -----END PGP SIGNATURE-----