McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC
CVE-2018-6690

6.1MEDIUM

Key Information:

Vendor: Mcafee
Status: Mcafee Application Control (mac)
Vendor: CVE Published:; 18 September 2018

What is CVE-2018-6690?

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.

Affected Version(s)

McAfee Application Control (MAC) x86 8.0.0 HF 4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-67416...

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2018
Vulnerability Reserved
Feb 6, 2018

Credit

McAfee credits Paul W for reporting this flaw.

Mcafee