ID

VAR-201807-2140


CVE

CVE-2018-6677


TITLE

McAfee Web Gateway Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-007945 // CNNVD: CNNVD-201807-1767

DESCRIPTION

A directory traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. McAfee Web Gateway (MWG) contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). McAfee Web Gateway (MWG) is a security gateway product from McAfee. This product provides features such as threat protection, application control, and data loss prevention. A directory traversal vulnerability exists in the administrative user interface in the McAfee MWG 7.8.1.x release. An attacker could exploit the vulnerability to gain elevated privileges. McAfee Web Gateway is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability.

Trust: 2.61

sources: NVD: CVE-2018-6677 // JVNDB: JVNDB-2018-007945 // CNVD: CNVD-2018-14216 // BID: 104893 // VULHUB: VHN-136709 // VULMON: CVE-2018-6677

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14216

AFFECTED PRODUCTS

vendor: mcafee, model: web gateway, scope: eq, version: 7.8.1.0

Trust: 1.9

vendor: mcafee, model: web gateway software, scope: eq, version: 7.8.1.x

Trust: 0.8

vendor: mcafee, model: web gateway, scope: eq, version: 7.8.1.*

Trust: 0.6

vendor: mcafee, model: mcgafee web gateway, scope: eq, version: 7.8.1.0

Trust: 0.6

vendor: mcafee, model: web gateway, scope: eq, version: 7.8.1.6

Trust: 0.3

vendor: mcafee, model: web gateway, scope: eq, version: 7.8.1.5

Trust: 0.3

vendor: mcafee, model: web gateway, scope: ne, version: 7.8.2

Trust: 0.3

sources: CNVD: CNVD-2018-14216 // BID: 104893 // JVNDB: JVNDB-2018-007945 // CNNVD: CNNVD-201807-1767 // NVD: CVE-2018-6677

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6677
value: CRITICAL

Trust: 1.0

trellixpsirt@trellix.com: CVE-2018-6677
value: HIGH

Trust: 1.0

NVD: CVE-2018-6677
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-14216
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-1767
value: CRITICAL

Trust: 0.6

VULHUB: VHN-136709
value: HIGH

Trust: 0.1

VULMON: CVE-2018-6677
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-6677
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-14216
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136709
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6677
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

trellixpsirt@trellix.com: CVE-2018-6677
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2018-6677
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-14216 // VULHUB: VHN-136709 // VULMON: CVE-2018-6677 // JVNDB: JVNDB-2018-007945 // CNNVD: CNNVD-201807-1767 // NVD: CVE-2018-6677 // NVD: CVE-2018-6677

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-136709 // JVNDB: JVNDB-2018-007945 // NVD: CVE-2018-6677

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1767

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201807-1767

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007945

PATCH

title: SB10245, url: https://kc.mcafee.com/corporate/index?page=content&id=SB10245

Trust: 0.8

title: Patch for McAfee WebGateway Directory Traversal Vulnerability (CNVD-2018-14216), url: https://www.cnvd.org.cn/patchInfo/show/135539

Trust: 0.6

title: McAfee Web Gateway Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82575

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2018-6677

Trust: 0.1

sources: CNVD: CNVD-2018-14216 // VULMON: CVE-2018-6677 // JVNDB: JVNDB-2018-007945 // CNNVD: CNNVD-201807-1767

EXTERNAL IDS

db: NVD, id: CVE-2018-6677

Trust: 3.5

db: MCAFEE, id: SB10245

Trust: 2.7

db: BID, id: 104893

Trust: 2.1

db: JVNDB, id: JVNDB-2018-007945

Trust: 0.8

db: CNNVD, id: CNNVD-201807-1767

Trust: 0.7

db: CNVD, id: CNVD-2018-14216

Trust: 0.6

db: VULHUB, id: VHN-136709

Trust: 0.1

db: VULMON, id: CVE-2018-6677

Trust: 0.1

sources: CNVD: CNVD-2018-14216 // VULHUB: VHN-136709 // VULMON: CVE-2018-6677 // BID: 104893 // JVNDB: JVNDB-2018-007945 // CNNVD: CNNVD-201807-1767 // NVD: CVE-2018-6677

REFERENCES

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10245

Trust: 2.6

url:http://www.securityfocus.com/bid/104893

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6677

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-6677

Trust: 0.8

url:http://www.mcafee.com/

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10245

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2018-6677

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-14216 // VULHUB: VHN-136709 // VULMON: CVE-2018-6677 // BID: 104893 // JVNDB: JVNDB-2018-007945 // CNNVD: CNNVD-201807-1767 // NVD: CVE-2018-6677

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104893

SOURCES

db: CNVD, id: CNVD-2018-14216
db: VULHUB, id: VHN-136709
db: VULMON, id: CVE-2018-6677
db: BID, id: 104893
db: JVNDB, id: JVNDB-2018-007945
db: CNNVD, id: CNNVD-201807-1767
db: NVD, id: CVE-2018-6677

LAST UPDATE DATE

2024-11-23T21:52:56.830000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-14216, date: 2018-07-30T00:00:00
db: VULHUB, id: VHN-136709, date: 2023-01-27T00:00:00
db: VULMON, id: CVE-2018-6677, date: 2023-01-27T00:00:00
db: BID, id: 104893, date: 2018-07-17T00:00:00
db: JVNDB, id: JVNDB-2018-007945, date: 2018-10-03T00:00:00
db: CNNVD, id: CNNVD-201807-1767, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-6677, date: 2024-11-21T04:11:05.643

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-14216, date: 2018-07-30T00:00:00
db: VULHUB, id: VHN-136709, date: 2018-07-23T00:00:00
db: VULMON, id: CVE-2018-6677, date: 2018-07-23T00:00:00
db: BID, id: 104893, date: 2018-07-17T00:00:00
db: JVNDB, id: JVNDB-2018-007945, date: 2018-10-03T00:00:00
db: CNNVD, id: CNNVD-201807-1767, date: 2018-07-23T00:00:00
db: NVD, id: CVE-2018-6677, date: 2018-07-23T13:29:00.373