McAfee Web Gateway Anti-Malware Engine, part of McAfee Web Protection, is a powerful in-line technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels, taking web exploit detection, zero-day, and targeted threat prevention to the next level.
McAfee Web Gateway uses a version of ‘glibc’ which was found vulnerable to stack guard page bypass and arbitrary code execution via LD_LIBRARY_PATH values.
McAfee Web Gateway prior to version 22.214.171.124
McAfee Web Gateway prior to version 126.96.36.199
QID Detection Logic:
This QID retrieves McAfee Web Gateway version over port 9090 and checks to see if it’s vulnerable.
An unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the system.