Vulnerability Name: CVE-2019-3644 (CCN-166949) Assigned: 2019-09-10 Published: 2019-09-10 Updated: 2022-03-31 Summary: McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517 , potentially leading to a denial of service. This affects the scanning proxies. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2019-3644 mcafee-cve20193644-dos(166949) Updates and product status for HTTP/2 vulnerabilities (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2019-3643, and CVE-2019-3644) https://kc.mcafee.com/corporate/index?page=content&id=SB10296 Vulnerable Configuration: Configuration 1 :cpe:/a:mcafee:advanced_threat_defense:4.4:*:*:*:*:*:*:* OR cpe:/a:mcafee:advanced_threat_defense:4.6:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:1.0.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:1.1.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:10.3.4:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:11.1.2:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:11.2.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:advanced_threat_defense:4.2:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:2.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:2.1:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:10.4.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:11.0.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:11.1.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:11.1.1:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:2.3:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:2.4:*:*:*:*:*:*:* OR cpe:/a:mcafee:web_gateway:*:*:*:*:*:*:*:* (Version >= 7.7.2.0 and < 7.7.2.24) OR cpe:/a:mcafee:web_gateway:*:*:*:*:*:*:*:* (Version >= 7.8.2 and < 7.8.2.13) OR cpe:/a:mcafee:enterprise_security_manager:10.2.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:enterprise_security_manager:11.1.3:*:*:*:*:*:*:* OR cpe:/a:mcafee:advanced_threat_defense:4.0:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:2.0.1:*:*:*:*:*:*:* OR cpe:/a:mcafee:active_response:2.2:*:*:*:*:*:*:* OR cpe:/a:mcafee:web_gateway:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.2.0) BACK
mcafee advanced threat defense 4.4
mcafee advanced threat defense 4.6
mcafee active response 1.0.0
mcafee active response 1.1.0
mcafee enterprise security manager 10.3.4
mcafee enterprise security manager 11.1.2
mcafee enterprise security manager 11.2.0
mcafee advanced threat defense 4.2
mcafee active response 2.0
mcafee active response 2.1
mcafee enterprise security manager 10.4.0
mcafee enterprise security manager 11.0.0
mcafee enterprise security manager 11.1.0
mcafee enterprise security manager 11.1.1
mcafee active response 2.3
mcafee active response 2.4
mcafee web gateway *
mcafee web gateway *
mcafee enterprise security manager 10.2.0
mcafee enterprise security manager 11.1.3
mcafee advanced threat defense 4.0
mcafee active response 2.0.1
mcafee active response 2.2
mcafee web gateway *
Denotes that component is vulnerable