Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for McAfee Application Control and Change Control (MACC) by McAfee

    CVE-2017-3912 (GCVE-0-2017-3912)

    Vulnerability from nvd – Published: 2018-09-18 22:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
    Summary
    Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
    CWE
    • CWE-274 - Privilege Escalation (CWE-274)
    Assigner
    References
    Date Public
    2018-02-09 00:00
    Credits
    McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224"
              },
              {
                "name": "102988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102988"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Application Control and Change Control (MACC)",
              "vendor": "McAfee",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.1"
                }
              ]
            },
            {
              "product": "McAfee Application Control and Change Control (MACC)",
              "vendor": "McAfee",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
            }
          ],
          "datePublic": "2018-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "Privilege Escalation (CWE-274)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-19T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224"
            },
            {
              "name": "102988",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102988"
            }
          ],
          "source": {
            "advisory": "SB10224",
            "discovery": "EXTERNAL"
          },
          "title": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3912",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Application Control and Change Control (MACC)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "platform": "x86",
                                "version_affected": "=",
                                "version_name": "7.0.1",
                                "version_value": "7.0.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "6.2.0",
                                "version_value": "6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation (CWE-274)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224"
                },
                {
                  "name": "102988",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102988"
                }
              ]
            },
            "source": {
              "advisory": "SB10224",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3912",
        "datePublished": "2018-09-18T22:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3912 (GCVE-0-2017-3912)

    Vulnerability from cvelistv5 – Published: 2018-09-18 22:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
    Summary
    Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
    CWE
    • CWE-274 - Privilege Escalation (CWE-274)
    Assigner
    References
    Date Public
    2018-02-09 00:00
    Credits
    McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224"
              },
              {
                "name": "102988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102988"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Application Control and Change Control (MACC)",
              "vendor": "McAfee",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.1"
                }
              ]
            },
            {
              "product": "McAfee Application Control and Change Control (MACC)",
              "vendor": "McAfee",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
            }
          ],
          "datePublic": "2018-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-274",
                  "description": "Privilege Escalation (CWE-274)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-19T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224"
            },
            {
              "name": "102988",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102988"
            }
          ],
          "source": {
            "advisory": "SB10224",
            "discovery": "EXTERNAL"
          },
          "title": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3912",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Application Control and Change Control (MACC)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "platform": "x86",
                                "version_affected": "=",
                                "version_name": "7.0.1",
                                "version_value": "7.0.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "6.2.0",
                                "version_value": "6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation (CWE-274)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10224"
                },
                {
                  "name": "102988",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102988"
                }
              ]
            },
            "source": {
              "advisory": "SB10224",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3912",
        "datePublished": "2018-09-18T22:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }