CVE-2015-8987

MEDIUM

Mcafee Agent < 4.8.0 - Improper Access Control

Title source: rule

Description

Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.

References (1)

[Mitigation, Patch, Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10101

Scores

CVSS v3 5.3

EPSS 0.0014

EPSS Percentile 34.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-284

Status published

Affected Products (2)

mcafee/agent < 4.8.0

Intel/Agent (MA) < 4.8.0 patch 2 and earlier

Timeline

Published Mar 14, 2017

Tracked Since Feb 18, 2026