PT-2015-5570 · Mcafee · Mcafee Agent

Published

2015-02-23

Updated

2016-11-30

CVE-2015-2053

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions McAfee Agent versions prior to 4.8.0 Patch 3 McAfee Agent versions prior to 5.0.0

Description The issue allows remote attackers to conduct clickjacking attacks via a crafted web page when the "Accept connections only from the ePO server" option is disabled in the log viewer.

Recommendations For McAfee Agent versions prior to 4.8.0 Patch 3, update to version 4.8.0 Patch 3 or later. For McAfee Agent versions prior to 5.0.0, update to version 5.0.0 or later. As a temporary workaround, consider enabling the "Accept connections only from the ePO server" option to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-2053

Affected Products

Mcafee Agent

PT-2015-5570 · Mcafee · Mcafee Agent

CVE-2015-2053

Weakness Enumeration

Related Identifiers

Affected Products

References · 4