Vulnerability Details : CVE-2015-2053
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability.
Vulnerability category: Input validation
Products affected by CVE-2015-2053
- cpe:2.3:a:mcafee:mcafee_agent:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:mcafee_agent:5.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2053
- 0.30%: Probability of exploitation activity in the next 30 days
- ~ 65 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2053
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2015-2053
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2053
- http://www.securityfocus.com/bid/74873
  McAfee Agent CVE-2015-2053 Clickjacking Vulnerability
- https://kc.mcafee.com/corporate/index?page=content&id=SB10094
  McAfee Security Bulletin - McAfee Agent update fixes http-generic-click-jacking vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1031821
  McAfee Agent Flaw in Log Viewer Lets Remote Users Conduct Clickjacking Attacks - SecurityTracker