CVE-2018-6703: Remote Logging functionality had a use after free vulnerability in McAfee Agent
First published: Tue Dec 11 2018(Updated: )
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Agent | >=5.0.0<5.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2018-6703.
What is the severity of CVE-2018-6703?
CVE-2018-6703 has a severity rating of critical.
What is the affected software for CVE-2018-6703?
The affected software for CVE-2018-6703 is McAfee Agent (MA) 5.x prior to 5.6.0.
How can this vulnerability be exploited?
This vulnerability can be exploited by remote unauthenticated attackers sending a specially crafted HTTP header to the logging service.
Is there a fix available for CVE-2018-6703?
Yes, a fix is available for CVE-2018-6703. Please refer to the reference link for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/mcafee
- canonical/mcafee agent
- version/mcafee agent/5.0.0