CVE-2018-6703
published 2018-12-11CVE-2018-6703: Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause…
PriorityP350critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.23%
86.7th percentile
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | agent | >= 5.0.0 < 5.6.0 | 5.6.0 |
| mcafee_llc | mcafee_agent | >= 5.x < 5.6.0 | 5.6.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-12-11
Published