CVE-2019-3599: McAfee Agent update fixes an Information Disclosure vulnerability
First published: Thu Feb 28 2019(Updated: )
Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Agent | >=5.0.0<=5.0.6 | |
| Mcafee Agent | >=5.5.0<=5.5.2 | |
| Mcafee Agent | =5.6.0 | |
| >=5.0.0<=5.0.6 | ||
| >=5.5.0<=5.5.2 | ||
| =5.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-3599?
CVE-2019-3599 is an Information Disclosure vulnerability in Remote logging in McAfee Agent (MA) 5.x.
How does CVE-2019-3599 affect McAfee Agent?
CVE-2019-3599 allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.
Is remote logging enabled by default in McAfee Agent?
No, remote logging is disabled by default in McAfee Agent.
Which versions of McAfee Agent are affected by CVE-2019-3599?
McAfee Agent versions 5.0.0 to 5.0.6, 5.5.0 to 5.5.2, and 5.6.0 are affected by CVE-2019-3599.
How severe is CVE-2019-3599?
CVE-2019-3599 has a severity score of 7.5 (high).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/title
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/mcafee
- canonical/mcafee agent
- version/mcafee agent/5.0.0
- version/mcafee agent/5.0.6
- version/mcafee agent/5.5.0
- version/mcafee agent/5.5.2
- version/mcafee agent/5.6.0