Vulnerabilities > CVE-2013-3627 - Resource Management Errors vulnerability in Mcafee Agent
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id MCAFEE_CMA_4_8_0_CREDS.NASL description According to the version of the McAfee Agent installed on the remote host, it is affected by a denial of service vulnerability that can be triggered by a specially crafted HTTP request. Successful exploitation will cause the FrameworkService.exe service to crash. Note: This plugin does not check for the presence of any mitigations, such as setting the policy to limit connections only from the ePO server. last seen 2020-06-01 modified 2020-06-02 plugin id 70398 published 2013-10-11 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70398 title McAfee Managed Agent FrameworkService.exe Denial of Service (SB10055) (credentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70398); script_version("1.9"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id("CVE-2013-3627"); script_bugtraq_id(62785); script_xref(name:"CERT", value:"613886"); script_xref(name:"MCAFEE-SB", value:"SB10055"); script_name(english:"McAfee Managed Agent FrameworkService.exe Denial of Service (SB10055) (credentialed check)"); script_summary(english:"Checks version of McAfee Framework Service"); script_set_attribute( attribute:"synopsis", value: "The remote host has a service installed that is affected by a denial of service vulnerability." ); script_set_attribute( attribute:"description", value: "According to the version of the McAfee Agent installed on the remote host, it is affected by a denial of service vulnerability that can be triggered by a specially crafted HTTP request. Successful exploitation will cause the FrameworkService.exe service to crash. Note: This plugin does not check for the presence of any mitigations, such as setting the policy to limit connections only from the ePO server." ); script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10055"); script_set_attribute( attribute:"solution", value: "Apply the correct patches according to the vendor's advisory. As a workaround, it is possible to partially mitigate the vulnerability by adjusting the Agent policy to only allow connections from the ePO server." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/01"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:common_management_agent"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("mcafee_cma_installed.nbin"); script_require_keys("installed_sw/McAfee Agent"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); appname = "McAfee Agent"; install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE); ver = install['version']; path = install['path']; fix = ''; if (ver_compare(ver:ver, fix:"4.5", strict:FALSE) == -1) fix = "4.8.0"; if (ver =~ "^4\.5(\.|$)" && ver_compare(ver:ver, fix:"4.5.0.1927", strict:FALSE) == -1) fix = "4.5.0.1927"; if (ver =~ "^4\.6(\.|$)" && ver_compare(ver:ver, fix:"4.6.0.3258", strict:FALSE) == -1) fix = "4.6.0.3258"; if (fix != '') { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_INST_PATH_NOT_VULN, appname, ver, path );NASL family CGI abuses NASL id MCAFEE_CMA_4_8_0.NASL description According to its self-reported version, the McAfee Managed Agent (MA) running on the remote host is affected by denial of service vulnerability in FrameworkService.exe due to a flaw when handling malformed HTTP requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the Framework Service to crash. last seen 2020-06-01 modified 2020-06-02 plugin id 70397 published 2013-10-11 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70397 title McAfee Managed Agent FrameworkService.exe HTTP Request DoS (SB10055) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70397); script_version("1.10"); script_cvs_date("Date: 2019/11/27"); script_cve_id("CVE-2013-3627"); script_bugtraq_id(62785); script_xref(name:"CERT", value:"613886"); script_xref(name:"MCAFEE-SB", value:"SB10055"); script_name(english:"McAfee Managed Agent FrameworkService.exe HTTP Request DoS (SB10055)"); script_summary(english:"Checks the version of McAfee Framework Service."); script_set_attribute(attribute:"synopsis", value: "A security management service running on the remote host is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the McAfee Managed Agent (MA) running on the remote host is affected by denial of service vulnerability in FrameworkService.exe due to a flaw when handling malformed HTTP requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the Framework Service to crash."); script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10055"); script_set_attribute(attribute:"solution", value: "Apply the relevant patches according to the vendor's advisory. Alternatively, as a workaround, it is possible to partially mitigate the vulnerability by adjusting the Agent policy to only allow connections from the ePO server."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/01"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:agent"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:mcafee_agent"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:epolicy_orchestrator"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mcafee_cma_detect.nasl"); script_require_ports("Services/www", 8081); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); appname = "McAfee Agent"; port = get_http_port(default:8081, embedded: 1); install = get_single_install(app_name:appname, port:port, exit_if_unknown_ver:TRUE); ver = install['version']; ver_fields = split(ver, sep:'.', keep:FALSE); major = int(ver_fields[0]); minor = int(ver_fields[1]); rev = int(ver_fields[2]); update = int(ver_fields[3]); fix = ''; # fixed in 4.8.0 # hotfixes for 4.5.x and 4.6.x if (major < 4 || (major == 4 && minor < 5)) fix = '4.8.0'; if (major == 4 && minor == 5 && rev == 0 && update < 1927) fix = '4.5.0.1927'; if (major == 4 && minor == 6 && rev == 0 && update < 3258) fix = '4.6.0.3258'; if (fix != '') { report = '\n Installed Version : ' + ver + '\n Fixed Version : ' + fix + '\n'; security_report_v4(severity:SECURITY_WARNING, port:port, extra:report); } else audit(AUDIT_LISTEN_NOT_VULN, "McAfee Common Management Agent", port, ver);
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 62785 CVE(CAN) ID: CVE-2013-3627 McAfee Agent可通过ePO通讯进行反病毒软件的部署和管理工作。 McAfee Managed Agent 4.5.0.1927、4.6.0.3258之前版本的框架服务FrameworkService.exe存在拒绝服务漏洞,远程攻击者通过特制的畸形HTTP请求到默认TCP端口8081,利用此漏洞可造成拒绝服务。要利用此漏洞需要禁用 "Accept connections only from the ePO server" 选项。 0 McAfee Managed Agent <= 4.6 Patch 3 临时解决方法: 如果您不能立刻安装补丁或者升级,Sebug建议您采取以下措施以降低威胁: *在"ePO Agent"策略中启用"Accept connections only from the ePO server"选项。 厂商补丁: McAfee ------ McAfee已经为此发布了一个安全公告(613886)以及相应补丁: 613886:McAfee Managed Agent update fixes the "Denial of Service" vulnerability against the FrameworkService.exe 链接:http://kc.mcafee.com/corporate/index?page=content&id=SB10055 补丁下载:http://www.mcafee.com/us/downloads |
| id | SSV:61061 |
| last seen | 2017-11-19 |
| modified | 2013-10-10 |
| published | 2013-10-10 |
| reporter | Root |
| title | McAfee Managed Agent 'FrameworkService.exe'远程拒绝服务漏洞 |