CVE-2017-3912

MEDIUM

McAfee MACC <7.0.1,6.2.0 - Command Injection

Title source: llm

Description

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10224

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102988

Scores

CVSS v3 4.4

EPSS 0.0003

EPSS Percentile 10.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-274 CWE-287

Status published

Products (2)

mcafee/application_and_change_control 6.2.0

mcafee/application_and_change_control 7.0.1

Published Sep 18, 2018

Tracked Since Feb 18, 2026