CVE-2018-6669

MEDIUM

McAfee Application Control/Change Control <7.0.1 - RCE

Title source: llm

Description

A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106282

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10261

Scores

CVSS v3 6.3

EPSS 0.0006

EPSS Percentile 19.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Details

CWE

CWE-425

Status published

Products (1)

mcafee/application_change_control < 7.0.1

Published Dec 20, 2018

Tracked Since Feb 18, 2026