{"vuid":"VU#613886","idnumber":"613886","name":"McAfee Managed Agent contains a denial-of-service (DoS) vulnerability","keywords":["McAfee","managed agent","denial-of-service","DoS","CWE-400"],"overview":"McAfee Managed Agent versions 4.5, 4.6, and possibly earlier versions contain a denial-of-service (DoS) vulnerability (CWE-400).","clean_desc":"CWE-400:Uncontrolled Resource Consumption ('Resource Exhaustion')\nMcAfee Managed Agent versions 4.5 and 4.6 contain a denial-of-service (DoS) vulnerability. McAfee Managed Agent runs a service on Windows workstations called \"McAfee Framework Service\" (FrameworkService.exe) which runs an HTTP server on the default TCP port 8081. By sending a crafted request an attacker can remotely crash the Windows service. This can cause the McAfee software to temporarily stop updating or provide log data until the service is manually restarted.","impact":"An unauthenticated remote attacker may be able to cause a denial-of-service against the McAfee Managed Agent software.","resolution":"McAfee has released a security bulletin with the details on obtaining the security hotfix for Managed Agent 4.5 Patch 3 and Managed Agent 4.6 Patch 3. McAfee Managed Agent versions 4.8 RTW and later are not affected. If applying the security hotfix is not possible, please consider the following workaround.","workarounds":"Accept connections only from the ePO server\nMake sure that the \"Accept connections only from the ePO server\" option is enabled in the ePO Agent policy.","sysaffected":"","thanks":"Thanks to Rodney Beede for reporting this vulnerability.","author":"This document was written by Adam Rauf.","public":["http://cwe.mitre.org/data/definitions/400.html","https://kc.mcafee.com/corporate/index?page=content&id=SB10055"],"cveids":["CVE-2013-3627"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-09-04T12:42:30Z","publicdate":"2013-10-01T00:00:00Z","datefirstpublished":"2013-10-04T12:36:26Z","dateupdated":"2013-10-04T12:36:26Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5","cvss_basevector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","cvss_temporalscore":"3.9","cvss_environmentalscore":"2.9","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}