Main Vulnerability Database Vulnerabilities #VU36294

Resource exhaustion in agent - CVE-2018-6707

Published: December 14, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36294

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6707

CWE-ID: CWE-400

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Ilya Grigorik

Affected software:
agent

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism.

How to mitigate CVE-2018-6707

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/106307
https://kc.mcafee.com/corporate/index?page=content&id=SB10260

Resource exhaustion in agent - CVE-2018-6707

Detailed vulnerability description

How to mitigate CVE-2018-6707

Sources

Please verify you're human