Auth bypass in Mcafee Mcafee_web_gateway
CVE-2018-6667
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
Vulnerability class: Broken Authentication
EPSS: 0.035 (87.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Mcafee Mcafee_web_gateway
- Mcafee Web Gateway — versions 7.8.1.0, unspecified
Weakness classification (CWE)
References
- trellixpsirt@trellix.com (x_refsource_CONFIRM)
- trellixpsirt@trellix.com (vdb-entry, x_refsource_SECTRACK)
- trellixpsirt@trellix.com (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2018-6667?
- CVE-2018-6667 is a critical-severity vulnerability in Mcafee Mcafee_web_gateway, classified under Improper Authentication. CVSS score: 10.0/10. Published 2018-06-26.
- How severe is CVE-2018-6667?
- Critical severity. CVSS v3 base score is 10.0 out of 10.