McAfee Agent up to 5.7.0 on Windows Update denial of service

EntryeditHistoryDiffjsonxmlCTI

A vulnerability was found in McAfee Agent up to 5.7.0 on Windows. It has been declared as problematic. This vulnerability affects an unknown code block of the component Update Handler. Upgrading to version 5.7.1 eliminates this vulnerability.

Field01/19/2021 07:18 AM02/15/2021 08:41 AM02/15/2021 08:47 AM
vendorMcAfeeMcAfeeMcAfee
nameAgentAgentAgent
version<=5.7.0<=5.7.0<=5.7.0
platformWindowsWindowsWindows
componentUpdate HandlerUpdate HandlerUpdate Handler
cwe404 (denial of service)404 (denial of service)404 (denial of service)
risk111
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifierSB10343SB10343SB10343
urlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10343https://kc.mcafee.com/corporate/index?page=content&id=SB10343https://kc.mcafee.com/corporate/index?page=content&id=SB10343
nameUpgradeUpgradeUpgrade
upgrade_version5.7.15.7.15.7.1
cveCVE-2020-7343CVE-2020-7343CVE-2020-7343
date1611010800 (01/19/2021)1611010800 (01/19/2021)1611010800 (01/19/2021)
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore1.71.71.7
cvss2_vuldb_tempscore1.71.51.5
cvss3_vuldb_basescore3.33.33.3
cvss3_vuldb_tempscore3.33.23.2
cvss3_meta_basescore3.33.34.4
cvss3_meta_tempscore3.33.24.2
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned15795612001579561200
cve_nvd_summaryMissing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
confirm_urlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10343https://kc.mcafee.com/corporate/index?page=content&id=SB10343
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iH
cvss3_nvd_aN
cvss2_nvd_avL
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cve_cnaMcAfee
cvss2_nvd_basescore2.1
cvss3_nvd_basescore5.5

Interested in the pricing of exploits?

See the underground prices here!