CVE-2017-3896

Summary

CVE	CVE-2017-3896
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-02-13 16:59:00 UTC
Updated	2017-07-26 01:29:00 UTC
Description	Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mcafee	Mcafee Agent	5.0.0	All	All	All
Application	Mcafee	Mcafee Agent	5.0.1	All	All	All
Application	Mcafee	Mcafee Agent	5.0.2	All	All	All
Application	Mcafee	Mcafee Agent	5.0.3	All	All	All
Application	Mcafee	Mcafee Agent	5.0.4	All	All	All
Application	Mcafee	Mcafee Agent	5.0.0	All	All	All
Application	Mcafee	Mcafee Agent	5.0.1	All	All	All
Application	Mcafee	Mcafee Agent	5.0.2	All	All	All
Application	Mcafee	Mcafee Agent	5.0.3	All	All	All
Application	Mcafee	Mcafee Agent	5.0.4	All	All	All

References

Reference	Source	Link	Tags
McAfee Agent Input Validation Flaw in Remote Log Viewer Lets Remote Users Deny Service - SecurityTracker	SECTRACK	www.securitytracker.com
McAfee Security Bulletin: McAfee Agent update fixes a vulnerability in its remote log viewing feature (CVE-2017-3896)	CONFIRM	kc.mcafee.com	Vendor Advisory
McAfee Agent CVE-2017-3896 Remote Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.