Lucene search

TrellixCVELIST:CVE-2017-3912

HistorySep 18, 2018 - 10:00 p.m.

CVE-2017-3912 McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass

2018-09-1822:00:00

CWE-274

trellix

www.cve.org

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

CNA Affected

[
  {
    "platforms": [
      "x86"
    ],
    "product": "McAfee Application Control and Change Control (MACC)",
    "vendor": "McAfee",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1"
      }
    ]
  },
  {
    "product": "McAfee Application Control and Change Control (MACC)",
    "vendor": "McAfee",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102988

kc.mcafee.com/corporate/index?page=content&id=SB10224

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2017-3912