← back
CVE-2017-3896

CVE-2017-3896

EPSS 2.5%
In short

The McAfee Agent's remote log viewing feature doesn't properly check web link parameters, allowing attackers to send harmful input that the system doesn't validate. This could lead to unintended actions or access to sensitive information.

Technical detail

Unvalidated URL parameters in the remote log viewing functionality of McAfee Agent 5.0.x (before 5.0.4.449) permit remote attackers to inject unexpected inputs without server-side validation. The vulnerability enables parameter tampering attacks that may result in unauthorized information disclosure or system manipulation depending on how parameters are processed downstream.

Summary generated and translated by AI from the official description.
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.
Affected products
Intel · McAfee Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10183http://www.securityfocus.com/bid/95903http://www.securitytracker.com/id/1037629