CVE-2018-6671
Published: 2018-06-15
Priority: P3, 46, medium, 6.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 4.70% (90.7th percentile)
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | epolicy_orchestrator | 5.3.0 – 5.3.3 | — |
| mcafee | epolicy_orchestrator | >= 5.3.0 through 5.3.3 < 5.3.3 with hotfix EPO5xHF1229850 | 5.3.3 with hotfix EPO5xHF1229850 |
| mcafee | epolicy_orchestrator | 5.9.0 – 5.9.1 | — |
| mcafee | epolicy_orchestrator | >= 5.9.0 through 5.9.1 < 5.9.1 with hotfix EPO5xHF1229850 | 5.9.1 with hotfix EPO5xHF1229850 |
CVSS provenance
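| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |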
No detection rules found.
No writeups or analysis indexed.
References
- http://www.securityfocus.com/bid/104485
- http://www.securitytracker.com/id/1041155
- https://kc.mcafee.com/corporate/index?page=content&id=SB10240
- https://www.exploit-db.com/exploits/46518/