CVE-2018-6671
Summary
| CVE | CVE-2018-6671 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-15 14:29:00 UTC |
| Updated | 2023-11-07 03:00:00 UTC |
| Description | Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Epolicy Orchestrator | All | All | All | All |
| Application | Mcafee | Epolicy Orchestrator | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| McAfee Security Bulletin - ePolicy Orchestrator update fixes possible localhost only access bypass and sensitive information leak vulnerability (CVE-2018-6671 and CVE-2018-6672) | CONFIRM | kc.mcafee.com | Vendor Advisory |
| McAfee ePO 5.9.1 - Registered Executable Local Access Bypass - Windows webapps Exploit | | www.exploit-db.com | |
| McAfee ePolicy Orchestrator Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Bypass Access Controls - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Malformed Request | | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376557 McAfee ePolicy Orchestrator Access Bypass and Sensitive Information Leak Vulnerabilities (SB10240)