Improper input validation in McAfee products - CVE-2018-6690
Published: December 11, 2018 / Updated: December 12, 2018
Vulnerability identifier: #VU16496
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6690
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: McAfee
Affected software:
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR52
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR42
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR52
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR42
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32
Detailed vulnerability description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper access control. The executable files from a hard drive solidified by MACC (McAfee Application and Change Control) can be executed on the system that did not generate the inventory.
How to mitigate CVE-2018-6690
Install update from vendor's website.