Multiple vulnerabilities in McAfee products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-6659 CVE-2018-6660 CVE-2018-6661 |
| CWE-ID | CWE-79 CWE-22 CWE-427 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
McAfee ePolicy Orchestrator Server applications / Directory software, identity management McAfee True Key Client/Desktop applications / Office applications |
| Vendor | McAfee |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU12135
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6659
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to versions 5.3.3 or 5.9.1.
Vulnerable software versionsMcAfee ePolicy Orchestrator: 5.3.0 - 5.9.0
External linkshttp://kc.mcafee.com/corporate/index?page=content&id=SB10228
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU12136
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6660
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists due to path traversal. An adjacent attacker can export a specially crafted XML file, use Windows alternate data streams, bypass the file extensions via improper validation of the path and gain access to potentially sensitive information.
Update to versions 5.3.3 or 5.9.1.
Vulnerable software versionsMcAfee ePolicy Orchestrator: 5.3.0 - 5.9.0
External linkshttp://kc.mcafee.com/corporate/index?page=content&id=SB10228
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insecure DLL loading
EUVDB-ID: #VU12138
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-6661
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in Microsoft Windows Client due to insecure .dll loading mechanism when opening files. A local attacker can place a file along with a specially crafted .dll file on a remote SBM or WebDAV share and gain root privileges.
MitigationUpdate to version 4.20.110.
Vulnerable software versionsMcAfee True Key: 4.0 - 4.20
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
