CVE-2018-6703 — Use After Free in LLC Mcafee Agent

CWE-416 — Use After Free3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

2.8%

top 13.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Agent Mcafee Agent

Timeline

PublishedDec 11

Latest updateMay 13

Description

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDmcafee/agent5.0.0 — 5.6.0

▶CVEListV5mcafee_llc/mcafee_agent5.x — 5.6.0

🔴Vulnerability Details

GHSA

GHSA-3g76-65rh-62w4: Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5↗2022-05-13

▶

CVEList

Remote Logging functionality had a use after free vulnerability in McAfee Agent↗2018-12-11

▶