Main Vulnerability Database Vulnerabilities #VU36099

Information disclosure in agent - CVE-2019-3599

Published: February 28, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU36099

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-3599

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Ilya Grigorik

Affected software:
agent

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.

How to mitigate CVE-2019-3599

Install update from vendor's website.

Sources

https://kc.mcafee.com/corporate/index?page=content&id=SB10271

Information disclosure in agent - CVE-2019-3599

Detailed vulnerability description

How to mitigate CVE-2019-3599

Sources

Please verify you're human