CVE-2018-6671

🗓️ 15 Jun 2018 14:00:00Reported by trellixType

cve🔗 web.nvd.nist.gov👁 61 Views🌐 WEB

Application Protection Bypass vulnerability in McAfee ePO 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass security protection via HTTP reques

Reporter	Title	Published	Views	Family All 10
0day.today	McAfee ePO 5.9.1 - Registered Executable Local Access Bypass Vulnerability	10 Mar 201900:00	–	zdt
CNVD	McAfee ePolicy Orchestrator Access Bypass Vulnerability	20 Jun 201800:00	–	cnvd
Cvelist	CVE-2018-6671 SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability	15 Jun 201814:00	–	cvelist
Exploit DB	McAfee ePO 5.9.1 - Registered Executable Local Access Bypass	8 Mar 201900:00	–	exploitdb
EUVD	EUVD-2018-18418	7 Oct 202500:30	–	euvd
exploitpack	McAfee ePO 5.9.1 - Registered Executable Local Access Bypass	8 Mar 201900:00	–	exploitpack
NVD	CVE-2018-6671	15 Jun 201814:29	–	nvd
OSV	CVE-2018-6671	15 Jun 201814:29	–	osv
Packet Storm	McAfee ePO 5.9.1 Registered Executable Local Access Bypass	8 Mar 201900:00	–	packetstorm
Prion	Security feature bypass	15 Jun 201814:29	–	prion

NVD

Node

mcafee epolicy_orchestratorRange5.3.0–5.3.3

mcafee epolicy_orchestratorRange5.9.0–5.9.1

[
  {
    "product": "ePolicy Orchestrator (ePO)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "5.3.3 with hotfix EPO5xHF1229850",
        "status": "affected",
        "version": "5.3.0 through 5.3.3",
        "versionType": "custom"
      },
      {
        "lessThan": "5.9.1 with hotfix EPO5xHF1229850",
        "status": "affected",
        "version": "5.9.0 through 5.9.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kc	www.kc.mcafee.com/corporate/index
securitytracker	www.securitytracker.com/id/1041155
securityfocus	www.securityfocus.com/bid/104485
exploit-db	www.exploit-db.com/exploits/46518/

Parameter	Position	Path	Description
executableName	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
executablePath	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
testExeArgs	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
objectId	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
ajaxMode	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
userName	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
pass	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
passConfirm	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
orion.user.security.token	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.
X-Forwarded-For	request body	Notifications/testRegExe.do	POST request that bypasses localhost-only security via X-Forwarded-For to trigger registered executable execution.

17 Jun 2026 02:02Current

5.2Medium risk

Vulners AI Score5.2

CVSS 24

CVSS 34.7 - 6.5

EPSS0.04699