CVE-2018-6671

MEDIUM

McAfee ePolicy Orchestrator <5.3.3, <5.9.1 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6671. PoCs published by leonjza.

AI-analyzed exploit summary This exploit bypasses the local access check in McAfee ePO 5.9.1 by using an X-Forwarded-For header to execute arbitrary commands via a registered executable. The PoC demonstrates command injection to write the output of 'whoami' to a file.

Description

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Exploits (1)

exploitdb WORKING POC
by leonjza · textwebappswindows
https://www.exploit-db.com/exploits/46518

This exploit bypasses the local access check in McAfee ePO 5.9.1 by using an X-Forwarded-For header to execute arbitrary commands via a registered executable. The PoC demonstrates command injection to write the output of 'whoami' to a file.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: McAfee ePO v5.9.1
Auth required
Prerequisites: Valid session token · Access to the ePO server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104485
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46518/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041155

Scores

CVSS v3 4.7
EPSS 0.0470
EPSS Percentile 90.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Status published
Products (1)
mcafee/epolicy_orchestrator 5.3.0 - 5.3.3
Published Jun 15, 2018
Tracked Since Feb 18, 2026