CVE-2018-6671

low-risk

Published 2018-06-15

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Do I need to act?

1.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

46518

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Epolicy Orchestrator

Affected Vendors

Mcafee

References (8)

http://www.securityfocus.com/bid/104485

http://www.securitytracker.com/id/1041155

https://kc.mcafee.com/corporate/index?page=content&id=SB10240

https://www.exploit-db.com/exploits/46518/

http://www.securityfocus.com/bid/104485

http://www.securitytracker.com/id/1041155

https://kc.mcafee.com/corporate/index?page=content&id=SB10240

https://www.exploit-db.com/exploits/46518/

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal