cbcvebase.
CVE-2018-6671
published 2018-06-15

CVE-2018-6671: Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users…

Priority: P3 46 medium | CVSS 3.0: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 4.70% (90.7th percentile)
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
mcafee | epolicy_orchestrator | 5.3.0 – 5.3.3 |
mcafee | epolicy_orchestrator | >= 5.3.0 through 5.3.3 < 5.3.3 with hotfix EPO5xHF1229850 | 5.3.3 with hotfix EPO5xHF1229850
mcafee | epolicy_orchestrator | 5.9.0 – 5.9.1 |
mcafee | epolicy_orchestrator | >= 5.9.0 through 5.9.1 < 5.9.1 with hotfix EPO5xHF1229850 | 5.9.1 with hotfix EPO5xHF1229850

CVSS provenance

nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N