Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6671: ePolicy Orchestrator vulnerability

4 documents, 4 sources
Severity: 6.5 MEDIUM (NVD), 4.7 (CNA)
EPSS: 1.0% (top 22.46%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jun 15
Latest update: May 13

Description

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | mcafee/epolicy_orchestrator | 5.3.0 through 5.3.3 | 5.3.3 with hotfix EPO5xHF1229850 | +1
NVD | mcafee/epolicy_orchestrator | 5.3.0 | 5.3.3 | +1

🔴 Vulnerability Details (2)

GHSA: GHSA-wqhm-xfwm-vx5x: Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5 (2022-05-13)
CVEList: SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability (2018-06-15)

💥 Exploits & PoCs (1)

Exploit-DB: McAfee ePO 5.9.1 - Registered Executable Local Access Bypass (2019-03-08)
CVE-2018-6671 — Mcafee vulnerability | cvebase