#VU36826 Path traversal in McAfee Web Gateway
Vulnerability identifier: #VU36826
Vulnerability risk: High
CVSSv3.1: 8.3 [AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
McAfee Web Gateway
Server applications /
Remote management servers, RDP, SSH
Vendor: McAfee
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x. A remote authenticated attacker can send a specially crafted HTTP request and authenticated administrator users to gain elevated privileges via unspecified vectors.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
McAfee Web Gateway: 7.8.1.0
External links
http://www.securityfocus.com/bid/104893
http://kc.mcafee.com/corporate/index?page=content&id=SB10245
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
