CVE-2018-6671

MEDIUM

McAfee ePolicy Orchestrator <5.3.3, <5.9.1 - Auth Bypass

Title source: llm

Description

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Exploits (1)

exploitdb WORKING POC

by leonjza · textwebappswindows

https://www.exploit-db.com/exploits/46518

View Code ZIP pw:eip

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10240

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104485

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46518/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041155

Scores

CVSS v3 4.7

EPSS 0.0105

EPSS Percentile 77.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Status published

Products (1)

mcafee/epolicy_orchestrator 5.3.0 - 5.3.3

Published Jun 15, 2018

Tracked Since Feb 18, 2026