Sign-up

ID

VAR-201909-0102


CVE

CVE-2019-3643


TITLE

McAfee Web Gateway Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-009355

DESCRIPTION

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. The product provides features such as threat protection, application control, and data loss prevention. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2019-3643 // JVNDB: JVNDB-2019-009355 // VULHUB: VHN-155078

AFFECTED PRODUCTS

vendor:mcafeemodel:active responsescope:eqversion:1.0.0

Trust: 1.0

vendor:mcafeemodel:advanced threat defensescope:eqversion:4.0

Trust: 1.0

vendor:mcafeemodel:advanced threat defensescope:eqversion:4.4

Trust: 1.0

vendor:mcafeemodel:active responsescope:eqversion:2.2

Trust: 1.0

vendor:mcafeemodel:active responsescope:eqversion:2.3

Trust: 1.0

vendor:mcafeemodel:advanced threat defensescope:eqversion:4.2

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:10.2.0

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:11.1.3

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:11.2.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.8.2.13

Trust: 1.0

vendor:mcafeemodel:advanced threat defensescope:eqversion:4.6

Trust: 1.0

vendor:mcafeemodel:active responsescope:eqversion:2.1

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:11.1.1

Trust: 1.0

vendor:mcafeemodel:active responsescope:eqversion:1.1.0

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:11.0.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.8.2

Trust: 1.0

vendor:mcafeemodel:active responsescope:eqversion:2.0

Trust: 1.0

vendor:mcafeemodel:active responsescope:eqversion:2.0.1

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.7.2.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:8.0.0

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:11.1.2

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:10.3.4

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:10.4.0

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:eqversion:11.1.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:8.2.0

Trust: 1.0

vendor:mcafeemodel:active responsescope:eqversion:2.4

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.7.2.24

Trust: 1.0

vendor:mcafeemodel:advanced threat defensescope: - version: -

Trust: 0.8

vendor:mcafeemodel:active responsescope: - version: -

Trust: 0.8

vendor:mcafeemodel:web gateway softwarescope:ltversion:7.8.2.13

Trust: 0.8

vendor:mcafeemodel:siem enterprise security manager the appliancescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009355 // NVD: CVE-2019-3643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3643
value: HIGH

Trust: 1.0

trellixpsirt@trellix.com: CVE-2019-3643
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3643
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-564
value: HIGH

Trust: 0.6

VULHUB: VHN-155078
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3643
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155078
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3643
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

trellixpsirt@trellix.com: CVE-2019-3643
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-3643
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155078 // JVNDB: JVNDB-2019-009355 // CNNVD: CNNVD-201909-564 // NVD: CVE-2019-3643 // NVD: CVE-2019-3643

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-155078 // JVNDB: JVNDB-2019-009355 // NVD: CVE-2019-3643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-564

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-564

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009355

PATCH
title:SB10296url:https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Trust: 0.8
title:McAfee Web Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98147
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-009355 // 
            
            
            
            CNNVD: CNNVD-201909-564

EXTERNAL IDS
db:NVDid:CVE-2019-3643
Trust: 2.5
db:MCAFEEid:SB10296
Trust: 1.7
db:JVNDBid:JVNDB-2019-009355
Trust: 0.8
db:CNNVDid:CNNVD-201909-564
Trust: 0.7
db:AUSCERTid:ESB-2019.3479
Trust: 0.6
db:VULHUBid:VHN-155078
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155078 // 
            
            
            
            JVNDB: JVNDB-2019-009355 // 
            
            
            
            CNNVD: CNNVD-201909-564 // 
            
            
            
            NVD: CVE-2019-3643

REFERENCES
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-3643
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3643
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.3479/
Trust: 0.6
url:https://vigilance.fr/vulnerability/mcafee-web-gateway-denial-of-service-via-http-scan-30304
Trust: 0.6
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155078 // 
            
            
            
            JVNDB: JVNDB-2019-009355 // 
            
            
            
            CNNVD: CNNVD-201909-564 // 
            
            
            
            NVD: CVE-2019-3643

SOURCES
db:VULHUBid:VHN-155078
db:JVNDBid:JVNDB-2019-009355
db:CNNVDid:CNNVD-201909-564
db:NVDid:CVE-2019-3643

LAST UPDATE DATE
2024-11-23T20:11:01.326000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155078date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-009355date:2019-09-18T00:00:00
db:CNNVDid:CNNVD-201909-564date:2022-04-19T00:00:00
db:NVDid:CVE-2019-3643date:2024-11-21T04:42:17.177

SOURCES RELEASE DATE
db:VULHUBid:VHN-155078date:2019-09-11T00:00:00
db:JVNDBid:JVNDB-2019-009355date:2019-09-18T00:00:00
db:CNNVDid:CNNVD-201909-564date:2019-09-11T00:00:00
db:NVDid:CVE-2019-3643date:2019-09-11T15:15:11.670