Multiple vulnerabilities in agent



Published: 2018-12-12 | Updated: 2020-08-08
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-6707
CVE-2018-6706
CVE-2018-6705
CVE-2018-6704
CWE-ID CWE-400
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		agent
Other software / Other software solutions

Vendor Ilya Grigorik

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU36294

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6707

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism.

Mitigation

Install update from vendor's website.

Vulnerable software versions

agent: 5.5.0 - 5.5.1

External links

http://www.securityfocus.com/bid/106307
http://kc.mcafee.com/corporate/index?page=content&id=SB10260


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU36295

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6706

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

agent: 5.5.0 - 5.5.1

External links

http://www.securityfocus.com/bid/106328
http://kc.mcafee.com/corporate/index?page=content&id=SB10260


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU36296

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6705

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

agent: 5.5.0 - 5.5.1

External links

http://www.securityfocus.com/bid/106328
http://kc.mcafee.com/corporate/index?page=content&id=SB10260


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU36297

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6704

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

agent: 5.5.0 - 5.5.1

External links

http://kc.mcafee.com/corporate/index?page=content&id=SB10259


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###