Table of Contents
Info:
- CVSS : 5.5 (MEDIUM)
- CVE.ORG : https://www.cve.org/CVERecord?id=CVE-2024-0311
- References : https://kcm.trellix.com/corporate/index?page=content&id=SB10418
Summary:
- McAfee Client Proxy has MCPBypass.exe which is its own policy bypass program.
- McAfee Client Proxy has challenge/response protection steps before to allow bypass request from user.
- The bypass program requests user to get a valid response code from system admin.
- If user input a valid response code, the bypass program set its status to “Bypass active”.
- if user fail to input a valid response code, the bypass program reject the request.
- This Challenge/Response steps and IPC to MCPService are vulnerable to simple API hooking and can be bypassed with any release codes.