- McAfee Agent versions prior to 22.214.171.1249
The vulnerability is remediated in these versions:
- McAfee Agent 5.0.4 Hotfix 1174804 (126.96.36.1999) and later
- CVE-2017-3896 (CVSS: 7.5; Severity: High) is a vulnerability in the remote log viewing functionality, where an input parameter passed through the URL was not completely validated. This issue is encountered only if both of the following two conditions are met (not enabled by default):
- McAfee Agent remote log viewing functionality is enabled.
- Remote logs access is not restricted to ePolicy Orchestrator administrators only.
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10183, Intel Security - Security Bulletin: McAfee Agent update fixes a vulnerability in its remote log viewing feature (CVE-2017-3896) (https://kc.mcafee.com/corporate/index?page=content&id=SB10183)