Details of VAR-201311-0213

ID

VAR-201311-0213

CVE

CVE-2013-6349

TITLE

McAfee Email Gateway Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-004998

DESCRIPTION

McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors. McAfee Email Gateway is prone to an unspecified command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands with root privileges. Successful exploits could compromise the application and possibly the underlying system. The following versions are affected: McAfee Email Gateway 7.0 through 7.0.3 McAfee Email Gateway 7.5 through 7.5.0. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. A security vulnerability exists in MEG 7.0 prior to 7.0.4 and 7.5 prior to 7.5.1

Trust: 1.98

sources: NVD: CVE-2013-6349 // JVNDB: JVNDB-2013-004998 // BID: 63544 // VULHUB: VHN-66351

AFFECTED PRODUCTS

vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0.3	Trust: 1.6
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0.1	Trust: 1.6
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.5	Trust: 1.6
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0.4	Trust: 0.8
vendor:	mcafee	model:	email gateway	scope:	lt	version:	7.0	Trust: 0.8
vendor:	mcafee	model:	email gateway	scope:	lt	version:	7.5	Trust: 0.8
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.5.1	Trust: 0.8
vendor:	mcafee	model:	email gateway patch	scope:	eq	version:	7.01	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	ne	version:	6.7.22	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	ne	version:	6.7.21	Trust: 0.3

sources: BID: 63544 // JVNDB: JVNDB-2013-004998 // CNNVD: CNNVD-201311-011 // NVD: CVE-2013-6349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6349
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-6349
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201311-011
value:	HIGH
Trust: 0.6
VULHUB:	VHN-66351
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-6349
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66351
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66351 // JVNDB: JVNDB-2013-004998 // CNNVD: CNNVD-201311-011 // NVD: CVE-2013-6349

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-66351 // JVNDB: JVNDB-2013-004998 // NVD: CVE-2013-6349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-011

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201311-011

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004998

PATCH

title:

SB10057

url:

https://kc.mcafee.com/corporate/index?page=content&id=SB10057

Trust: 0.8

sources: JVNDB: JVNDB-2013-004998

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6349	Trust: 2.8
db:	OSVDB	id:	98669	Trust: 1.7
db:	MCAFEE	id:	SB10057	Trust: 1.7
db:	JVNDB	id:	JVNDB-2013-004998	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-011	Trust: 0.6
db:	BID	id:	63544	Trust: 0.4
db:	VULHUB	id:	VHN-66351	Trust: 0.1

sources: VULHUB: VHN-66351 // BID: 63544 // JVNDB: JVNDB-2013-004998 // CNNVD: CNNVD-201311-011 // NVD: CVE-2013-6349

REFERENCES

url:	http://osvdb.org/98669	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10057	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6349	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6349	Trust: 0.8
url:	http://www.mcafee.com/	Trust: 0.3
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10057	Trust: 0.1

sources: VULHUB: VHN-66351 // BID: 63544 // JVNDB: JVNDB-2013-004998 // CNNVD: CNNVD-201311-011 // NVD: CVE-2013-6349

CREDITS

ANZ Bank

Trust: 0.3

sources: BID: 63544

SOURCES

db:	VULHUB	id:	VHN-66351
db:	BID	id:	63544
db:	JVNDB	id:	JVNDB-2013-004998
db:	CNNVD	id:	CNNVD-201311-011
db:	NVD	id:	CVE-2013-6349

LAST UPDATE DATE

2025-04-11T23:12:48.549000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66351	date:	2013-11-04T00:00:00
db:	BID	id:	63544	date:	2013-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-004998	date:	2013-11-06T00:00:00
db:	CNNVD	id:	CNNVD-201311-011	date:	2013-11-04T00:00:00
db:	NVD	id:	CVE-2013-6349	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66351	date:	2013-11-02T00:00:00
db:	BID	id:	63544	date:	2013-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-004998	date:	2013-11-06T00:00:00
db:	CNNVD	id:	CNNVD-201311-011	date:	2013-11-04T00:00:00
db:	NVD	id:	CVE-2013-6349	date:	2013-11-02T21:55:04.677