Vulnerability Details : CVE-2018-6678
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2018-6678
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 34 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-6678
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
3.4
|
LOW | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L |
1.7
|
1.4
|
McAfee (DEFUNCT) |
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
NIST |
References for CVE-2018-6678
-
http://www.securityfocus.com/bid/104893
McAfee Web Gateway Privilege Escalation and Remote Code Execution VulnerabilitiesBroken Link;Third Party Advisory;VDB Entry
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10245
McAfee Security Bulletin - Web Gateway update fixes two vulnerabilities (CVE-2018-6677 and CVE-2018-6678)Vendor Advisory
Products affected by CVE-2018-6678
- cpe:2.3:a:mcafee:mcafee_web_gateway:7.8.1.0:*:*:*:*:*:*:*