Loading...

Knowledge Center


McAfee SNS Notice: Update Resolves McAfee Agent Vulnerabilities
SNS Emails ID:   SNS1985
Last Modified:  5/14/2019

Body

Three vulnerabilities in McAfee Agent have been discovered and resolved.
 
Affected Versions
  • 5.6.0
  • 5.5.x
  • 5.0.x
Remediated/Updated Version
The vulnerability is remediated in:
  • 5.6.1
Impact
  • CVE-2019-3599 (CVSS: 6.5; Severity: Medium) Information Disclosure vulnerability in remote logging (which is disabled by default) in McAfee Agent 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.
  • CVE-2019-3598 (CVSS: 5.3; Severity: Medium) McAfee Agent handles UDP requests through a configured port as part of its normal operation. A specially crafted UDP packet might allow an attacker on the same subnet to cause a partial denial-of-service in one of the McAfee Agent components.
  • CVE-2019-1559 (CVSS: 5.9; Severity: Medium) The main issue addressed in the OpenSSL 1.0.2r release relates to calling SSL_shutdown() twice. None of the McAfee products explicitly make this sequence of calls. We are updating our versions of OpenSSL for those products that may be vulnerable.
Recommendation
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base articles:
Also included in McAfee Agent 5.6.1
McAfee Agent 5.6.1 provides security and bug fixes, as well as additional enhancements for MVISION Endpoint Detection and Response (EDR) customers.

For a full list of changes, see the Release Notes in PD28281: https://kc.mcafee.com/corporate/index?page=content&id=PD28281.

To download McAfee Agent 5.6.1, go to the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.
 
To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.

Original Send Date

May 14, 2019

Rate this document

Affected Products

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.