Details of VAR-201806-1760

ID

VAR-201806-1760

CVE

CVE-2018-6667

TITLE

McAfee Web Gateway Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006877

DESCRIPTION

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). McAfee Web Gateway Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. McAfee Web Gateway is prone to an authentication-bypass vulnerability. This may lead to further attacks. Web Gateway 7.8.1.0 through 7.8.1.5 are vulnerable. The product provides features such as threat protection, application control, and data loss prevention

Trust: 1.98

sources: NVD: CVE-2018-6667 // JVNDB: JVNDB-2018-006877 // BID: 104564 // VULHUB: VHN-136699

AFFECTED PRODUCTS

vendor:	mcafee	model:	web gateway	scope:	lte	version:	7.8.1.5	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.1.0	Trust: 1.0
vendor:	mcafee	model:	web gateway software	scope:	eq	version:	7.8.1.0 to 7.8.1.5	Trust: 0.8
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.8.1.5	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.8.1.0	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	ne	version:	7.8.1.6	Trust: 0.3

sources: BID: 104564 // JVNDB: JVNDB-2018-006877 // NVD: CVE-2018-6667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6667
value:	CRITICAL
Trust: 1.0
trellixpsirt@trellix.com:	CVE-2018-6667
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-6667
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201806-1229
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-136699
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-6667
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-136699
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6667
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
trellixpsirt@trellix.com:	CVE-2018-6667
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-136699 // JVNDB: JVNDB-2018-006877 // CNNVD: CNNVD-201806-1229 // NVD: CVE-2018-6667 // NVD: CVE-2018-6667

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-136699 // JVNDB: JVNDB-2018-006877 // NVD: CVE-2018-6667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1229

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201806-1229

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006877

PATCH

title:	SB102414	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10241	Trust: 0.8
title:	McAfee Web Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81509	Trust: 0.6

sources: JVNDB: JVNDB-2018-006877 // CNNVD: CNNVD-201806-1229

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6667	Trust: 2.8
db:	BID	id:	104564	Trust: 2.0
db:	MCAFEE	id:	SB10241	Trust: 2.0
db:	SECTRACK	id:	1041129	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-006877	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-1229	Trust: 0.7
db:	VULHUB	id:	VHN-136699	Trust: 0.1

sources: VULHUB: VHN-136699 // BID: 104564 // JVNDB: JVNDB-2018-006877 // CNNVD: CNNVD-201806-1229 // NVD: CVE-2018-6667

REFERENCES

url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10241	Trust: 1.9
url:	http://www.securityfocus.com/bid/104564	Trust: 1.7
url:	http://www.securitytracker.com/id/1041129	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6667	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6667	Trust: 0.8
url:	http://www.mcafee.com/	Trust: 0.3
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10241	Trust: 0.1

sources: VULHUB: VHN-136699 // BID: 104564 // JVNDB: JVNDB-2018-006877 // CNNVD: CNNVD-201806-1229 // NVD: CVE-2018-6667

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104564

SOURCES

db:	VULHUB	id:	VHN-136699
db:	BID	id:	104564
db:	JVNDB	id:	JVNDB-2018-006877
db:	CNNVD	id:	CNNVD-201806-1229
db:	NVD	id:	CVE-2018-6667

LAST UPDATE DATE

2024-11-23T21:07:39.317000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-136699	date:	2019-10-09T00:00:00
db:	BID	id:	104564	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-006877	date:	2018-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201806-1229	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-6667	date:	2024-11-21T04:11:04.800

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-136699	date:	2018-06-26T00:00:00
db:	BID	id:	104564	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-006877	date:	2018-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201806-1229	date:	2018-06-26T00:00:00
db:	NVD	id:	CVE-2018-6667	date:	2018-06-26T17:29:00.773