McAfee Management of Native Encryption CVE-2018-6662 Local Command Injection Vulnerability

Bugtraq ID:	104009
Class:	Input Validation Error
CVE:	CVE-2018-6662
Remote:	No
Local:	Yes
Published:	Apr 24 2018 12:00AM
Updated:	Apr 24 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	McAfee Management of Native Encryption 4.1.3 McAfee Management of Native Encryption 4.1
Not Vulnerable:	McAfee Management of Native Encryption 4.1.4

McAfee Management of Native Encryption CVE-2018-6662 Local Command Injection Vulnerability

McAfee Management of Native Encryption is prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.

McAfee Management of Native Encryption version 4.1.3 and prior versions are vulnerable.

McAfee Management of Native Encryption CVE-2018-6662 Local Command Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

McAfee Management of Native Encryption CVE-2018-6662 Local Command Injection Vulnerability

References:

• McAfee Homepage (McAfee)
  
• SB10232: McAfee Security Bulletin - Management of Native Encryption update fixe (McAfee)