Sign-up

ID

VAR-201812-1085


CVE

CVE-2018-6703


TITLE

McAfee Agent Uses freed memory vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011280

DESCRIPTION

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. McAfee Agent (MA) Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. McAfee Agent is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. McAfee Agent versions 5.5.x and 5.0.x are vulnerable

Trust: 1.98

sources: NVD: CVE-2018-6703 // JVNDB: JVNDB-2018-011280 // BID: 108951 // VULMON: CVE-2018-6703

AFFECTED PRODUCTS

vendor:mcafeemodel:agentscope:eqversion:5.5.1

Trust: 1.7

vendor:mcafeemodel:agentscope:eqversion:5.5.0

Trust: 1.4

vendor:mcafeemodel:agentscope:ltversion:5.6.0

Trust: 1.0

vendor:mcafeemodel:agentscope:gteversion:5.0.0

Trust: 1.0

vendor:mcafeemodel:agentscope:eqversion:5.0.6 for up to 5.0.0

Trust: 0.8

vendor:mcafeemodel:threat intelligence exchange serverscope:eqversion:2.3

Trust: 0.3

vendor:mcafeemodel:threat intelligence exchange serverscope:eqversion:2.2

Trust: 0.3

vendor:mcafeemodel:threat intelligence exchange serverscope:eqversion:2.1

Trust: 0.3

vendor:mcafeemodel:threat intelligence exchange serverscope:eqversion:2.0

Trust: 0.3

vendor:mcafeemodel:data exchange layerscope:eqversion:5.0

Trust: 0.3

vendor:mcafeemodel:data exchange layerscope:eqversion:4.0

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.5

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.6

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.4

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.3

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.2

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.1

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.4.449

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.4.283

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.3.362

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.3.316

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.3.272

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.2.333

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.2.285

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.2.188

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.2.132

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.1.518

Trust: 0.3

vendor:mcafeemodel:agentscope:eqversion:5.0.1.516

Trust: 0.3

vendor:mcafeemodel:active responsescope:eqversion:2.0

Trust: 0.3

vendor:mcafeemodel:agentscope:neversion:5.6

Trust: 0.3

vendor:mcafeemodel:agent hf1267991scope:neversion:5.5.1

Trust: 0.3

vendor:mcafeemodel:agent hf1267994scope:neversion:5.0.6

Trust: 0.3

sources: BID: 108951 // JVNDB: JVNDB-2018-011280 // CNNVD: CNNVD-201812-477 // NVD: CVE-2018-6703

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-6703
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-201812-477
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-6703
value: HIGH

Trust: 0.1

NVD: CVE-2018-6703
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2018-6703
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-6703
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2018-6703 // JVNDB: JVNDB-2018-011280 // CNNVD: CNNVD-201812-477 // NVD: CVE-2018-6703

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2018-011280 // NVD: CVE-2018-6703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-477

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201812-477

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2018-6703

PATCH
title:SB10258url:https://kc.mcafee.com/corporate/index?page=content&id=sb10258
Trust: 0.8
title:McAfee Agent Common Service Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87725
Trust: 0.6
title: - url:https://github.com/live-hack-cve/cve-2018-6703 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-6703 // 
            
            
            
            JVNDB: JVNDB-2018-011280 // 
            
            
            
            CNNVD: CNNVD-201812-477

EXTERNAL IDS
db:NVDid:CVE-2018-6703
Trust: 2.8
db:MCAFEEid:SB10258
Trust: 2.0
db:JVNDBid:JVNDB-2018-011280
Trust: 0.8
db:CNNVDid:CNNVD-201812-477
Trust: 0.6
db:BIDid:108951
Trust: 0.3
db:VULMONid:CVE-2018-6703
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-6703 // 
            
            
            
            BID: 108951 // 
            
            
            
            JVNDB: JVNDB-2018-011280 // 
            
            
            
            CNNVD: CNNVD-201812-477 // 
            
            
            
            NVD: CVE-2018-6703

REFERENCES
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10258
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6703
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6703
Trust: 0.8
url:http://www.mcafee.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/416.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2018-6703
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-6703 // 
            
            
            
            BID: 108951 // 
            
            
            
            JVNDB: JVNDB-2018-011280 // 
            
            
            
            CNNVD: CNNVD-201812-477 // 
            
            
            
            NVD: CVE-2018-6703

CREDITS
Frank Cozijnsen of the KPN RED-team.
Trust: 0.3
sources:
            
            
            BID: 108951

SOURCES
db:VULMONid:CVE-2018-6703
db:BIDid:108951
db:JVNDBid:JVNDB-2018-011280
db:CNNVDid:CNNVD-201812-477
db:NVDid:CVE-2018-6703

LAST UPDATE DATE
2023-11-09T23:34:49.771000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2018-6703date:2023-01-27T00:00:00
db:BIDid:108951date:2019-05-31T00:00:00
db:JVNDBid:JVNDB-2018-011280date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201812-477date:2019-04-24T00:00:00
db:NVDid:CVE-2018-6703date:2023-11-07T03:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2018-6703date:2018-12-11T00:00:00
db:BIDid:108951date:2019-05-31T00:00:00
db:JVNDBid:JVNDB-2018-011280date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201812-477date:2018-12-12T00:00:00
db:NVDid:CVE-2018-6703date:2018-12-11T23:29:00