McAfee Agent vulnerabilities

25 known vulnerabilities affecting mcafee/agent.

Total CVEs: 25
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 13, MEDIUM 10, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2018-6703 | CRITICAL | CVSS 9.8 | ≥ 5.0.0, < 5.6.0 | 2018-12-11
CVE-2018-6703 [CRITICAL] CWE-416: Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.
nvd
CVE-2015-8987 | MEDIUM | CVSS 5.3 | ≤ 4.8.0 | 2017-03-14
CVE-2015-8987 [MEDIUM] CWE-284: Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.
nvd
CVE-2016-3984 | MEDIUM | CVSS 5.1 | PoC | ≤ 5.0.2.285 | 2016-04-08
CVE-2016-3984 [MEDIUM] CWE-284: The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, En
nvd
CVE-2013-3627 | MEDIUM | CVSS 5.0 | ≥ 4.5.0, < 4.5.0.1927; ≥ 4.6.0, < 4.6.0.3258 | 2013-10-05
CVE-2013-3627 [MEDIUM] CWE-399: FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request.
nvd
CVE-2008-1357 | MEDIUM | CVSS 5.4 | PoC | v4.0 | 2008-03-17
CVE-2008-1357 [MEDIUM] CWE-134: Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to
nvd