McAfee Personal Firewall Plus 1.0.178.0 mcnasvc.exe denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in McAfee Personal Firewall Plus 1.0.178.0. Affected by this vulnerability is an unknown functionality of the file mcnasvc.exe. The manipulation results in denial of service. This vulnerability was named CVE-2006-5417. There is no available exploit.
Details
A vulnerability classified as problematic has been found in McAfee Personal Firewall Plus 1.0.178.0 (Firewall Software). Affected is an unknown part of the file mcnasvc.exe. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. CVE summarizes:
McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information.
The weakness was presented 10/20/2006 (Website). The advisory is shared for download at securityfocus.com. This vulnerability is traded as CVE-2006-5417 since 10/19/2006. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at X-Force (29501), SecurityFocus (BID 20496†), Secunia (SA22371†) and SecurityTracker (ID 1017057†). Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.mcafee.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
10/12/2006 🔍10/12/2006 🔍
10/13/2006 🔍
10/19/2006 🔍
10/20/2006 🔍
10/20/2006 🔍
03/12/2015 🔍
04/25/2026 🔍
Sources
Vendor: mcafee.comAdvisory: securityfocus.com⛔
Status: Not defined
CVE: CVE-2006-5417 (🔍)
GCVE (CVE): GCVE-0-2006-5417
GCVE (VulDB): GCVE-100-32868
X-Force: 29501 - McAfee Network Agent mcnasvc.exe denial of service
SecurityFocus: 20496 - McAfee Network Agent Remote Denial of Service Vulnerability
Secunia: 22371 - McAfee Network Agent Invalid String Position Denial of Service, Less Critical
SecurityTracker: 1017057 - Mcafee Network Agent Lets Remote Users Deny Service
Entry
Created: 03/12/2015 22:21Updated: 04/25/2026 02:43
Changes: 03/12/2015 22:21 (61), 10/01/2017 20:42 (1), 04/25/2026 02:43 (18)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.