#VU36826 Path traversal in McAfee Web Gateway - CVE-2018-6677
Published: July 23, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU36826
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2018-6677
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
McAfee Web Gateway
McAfee Web Gateway
Software vendor:
McAfee
McAfee
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x. A remote authenticated attacker can send a specially crafted HTTP request and authenticated administrator users to gain elevated privileges via unspecified vectors.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.