CVE-2018-6667

EUVD-2018-18414
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
trellixCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
mcafeemcafee_web_gateway
7.8.1.0 ≤
𝑥
≤ 7.8.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104564
http://www.securitytracker.com/id/1041129
https://kc.mcafee.com/corporate/index?page=content&id=SB10241
http://www.securityfocus.com/bid/104564
http://www.securitytracker.com/id/1041129
https://kc.mcafee.com/corporate/index?page=content&id=SB10241