CVE-2018-6703

Summary

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.

Affected Software

VendorProductVersion RangeStatus
McAfee, LLCMcAfee Agent5.x < 5.6.0affected

Weaknesses

  • Use After Free

Workarounds

Remote logging is disabled by default. Turning off remote logging protects against this issue.

ADP Enrichment

CVE Program Container

Additional References

References