Vulnerabilities > CVE-2018-6671 - Unspecified vulnerability in Mcafee Epolicy Orchestrator

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
mcafee
exploit available

Summary

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Exploit-Db

fileexploits/windows/webapps/46518.txt
idEDB-ID:46518
last seen2019-03-08
modified2019-03-08
platformwindows
port
published2019-03-08
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/46518
titleMcAfee ePO 5.9.1 - Registered Executable Local Access Bypass
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/152027/mcafeeepo591-bypass.txt
idPACKETSTORM:152027
last seen2019-03-13
published2019-03-08
reporterleonjza
sourcehttps://packetstormsecurity.com/files/152027/McAfee-ePO-5.9.1-Registered-Executable-Local-Access-Bypass.html
titleMcAfee ePO 5.9.1 Registered Executable Local Access Bypass