Main Vulnerability Database Vulnerabilities #VU36827

#VU36827 Input validation error in McAfee Web Gateway - CVE-2018-6678

Published: July 23, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36827

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Amber

CVE-ID: CVE-2018-6678

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
McAfee Web Gateway

Software vendor:
McAfee

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/104893
https://kc.mcafee.com/corporate/index?page=content&id=SB10245

#VU36827 Input validation error in McAfee Web Gateway - CVE-2018-6678

Description

Remediation

External links

Please verify you're human