CVE-2018-6703 CRITICAL

CVE-2018-6703: Remote Logging functionality had a use after free vulnerability in McAfee Agent

Vendor Mcafee, Llc
Product McAfee Agent
Published December 11, 2018
Last update August 5, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.

Key dates

02Disclosure timeline

December 11, 2018 CVE published
August 5, 2024 Record updated