Vulnerabilities > Mcafee > Mcafee Agent

DATE CVE VULNERABILITY TITLE RISK
2021-09-22 CVE-2021-31836 Unspecified vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information.
local
low complexity
mcafee
7.1
2021-09-22 CVE-2021-31841 Improper Verification of Cryptographic Signature vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location.
local
low complexity
mcafee CWE-347
7.3
2021-06-10 CVE-2021-31840 Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0/5.6.6
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs.
local
low complexity
mcafee CWE-427
7.3
2020-09-10 CVE-2020-7315 Untrusted Search Path vulnerability in Mcafee Agent 5.0.0
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.
local
low complexity
mcafee CWE-426
6.7
2020-09-10 CVE-2020-7314 Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Agent
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.
local
low complexity
mcafee CWE-732
7.8
2020-09-10 CVE-2020-7312 Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
local
low complexity
mcafee CWE-427
7.8
2020-09-10 CVE-2020-7311 Improper Privilege Management vulnerability in Mcafee Agent 5.0.0
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files.
local
high complexity
mcafee CWE-269
7.0
2017-02-13 CVE-2017-3896 Improper Input Validation vulnerability in Mcafee Agent
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.
network
mcafee CWE-20
4.3
2015-09-18 CVE-2015-7237 Path Traversal vulnerability in Mcafee Agent 5.0.0/5.0.1
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
mcafee CWE-22
5.0
2015-02-23 CVE-2015-2053 Improper Input Validation vulnerability in Mcafee Agent 4.8.0/5.0.0
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability.
network
mcafee CWE-20
4.3