McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass

CVE-2017-3912

4.4MEDIUM

Key Information

Vendor: Mcafee
Status: Mcafee Application Control And Change Control (macc)
Vendor: CVE Published:; 18 September 2018

Summary

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

Affected Version(s)

McAfee Application Control and Change Control (MACC) = 7.0.1

McAfee Application Control and Change Control (MACC) = 6.2.0

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102988

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2018
Vulnerability Reserved
Dec 26, 2016

Collectors

NVD DatabaseMitre Database

Credit

McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw.