Use After Free Vulnerability in McAfee Agent (MA) 5.x prior to 5.6.0 Allows Remote Code Execution via Crafted HTTP Header

Use After Free Vulnerability in McAfee Agent (MA) 5.x prior to 5.6.0 Allows Remote Code Execution via Crafted HTTP Header

CVE-2018-6703 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.

Learn more about our Web Application Penetration Testing UK.