Vulnerabilities > Mcafee > Agent > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-1257 Insecure Storage of Sensitive Information vulnerability in Mcafee Agent
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
local
low complexity
mcafee CWE-922
5.5
2021-01-18 CVE-2020-7343 Missing Authorization vulnerability in Mcafee Agent
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files.
local
low complexity
mcafee CWE-862
5.5
2020-03-12 CVE-2020-7253 Improper Input Validation vulnerability in Mcafee Agent
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.
local
low complexity
mcafee CWE-20
4.4
2019-07-18 CVE-2019-3592 Unspecified vulnerability in Mcafee Agent
Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory.
local
low complexity
mcafee
6.7
2019-02-28 CVE-2019-3598 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Agent
Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.
network
low complexity
mcafee CWE-119
5.3
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2017-03-14 CVE-2015-8987 Improper Access Control vulnerability in Mcafee Agent
Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.
network
high complexity
mcafee CWE-284
5.3
2016-04-08 CVE-2016-3984 Improper Access Control vulnerability in Mcafee products
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
local
low complexity
mcafee CWE-284
5.1