CVE-2017-3898

Summary

A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.

Affected Software

VendorProductVersion RangeStatus
McAfeeLive Safe16.0.3affected

Weaknesses

  • Code Injection vulnerability

ADP Enrichment

CVE Program Container

Additional References

References