cnvd - cnvd-2018-15898

CNVD-2018-15898

Vulnerability from cnvd - Published: 2018-08-21

Title

McAfee Drive Encryption TPM autoboot身份认证绕过漏洞

Description

McAfee Drive Encryption（MDE）是美国迈克菲（McAfee）公司的一套全磁盘加密软件。该软件主要用于保护搭载Microsoft Windows系统的平板电脑、笔记本电脑和台上电脑上的数据防止敏感数据丢失。TPM autoboot是其中的一个TPM自动启动插件。 McAfee MDE 7.1.0及之前版本中的TPM autoboot存在身份验证绕过漏洞。物理位置临近的攻击者可利用该漏洞绕过本地安全保护。

Severity

高

Patch Name

McAfee Drive Encryption TPM autoboot身份认证绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id;=SB10242

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-6686

Impacted products

Name
McAfee McAfee Drive Encryption（MDE） <=7.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6686"
    }
  },
  "description": "McAfee Drive Encryption\uff08MDE\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u5168\u78c1\u76d8\u52a0\u5bc6\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u4fdd\u62a4\u642d\u8f7dMicrosoft Windows\u7cfb\u7edf\u7684\u5e73\u677f\u7535\u8111\u3001\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u4e0a\u7535\u8111\u4e0a\u7684\u6570\u636e\u9632\u6b62\u654f\u611f\u6570\u636e\u4e22\u5931\u3002TPM autoboot\u662f\u5176\u4e2d\u7684\u4e00\u4e2aTPM\u81ea\u52a8\u542f\u52a8\u63d2\u4ef6\u3002\r\n\r\nMcAfee MDE 7.1.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684TPM autoboot\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u672c\u5730\u5b89\u5168\u4fdd\u62a4\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id;=SB10242",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-15898",
  "openTime": "2018-08-21",
  "patchDescription": "McAfee Drive Encryption\uff08MDE\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u5168\u78c1\u76d8\u52a0\u5bc6\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u4fdd\u62a4\u642d\u8f7dMicrosoft Windows\u7cfb\u7edf\u7684\u5e73\u677f\u7535\u8111\u3001\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u4e0a\u7535\u8111\u4e0a\u7684\u6570\u636e\u9632\u6b62\u654f\u611f\u6570\u636e\u4e22\u5931\u3002TPM autoboot\u662f\u5176\u4e2d\u7684\u4e00\u4e2aTPM\u81ea\u52a8\u542f\u52a8\u63d2\u4ef6\u3002\r\n\r\nMcAfee MDE 7.1.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684TPM autoboot\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u672c\u5730\u5b89\u5168\u4fdd\u62a4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Drive Encryption TPM autoboot\u8eab\u4efd\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "McAfee McAfee Drive Encryption\uff08MDE\uff09 \u003c=7.1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-6686",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-01",
  "title": "McAfee Drive Encryption TPM autoboot\u8eab\u4efd\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-6686 (GCVE-0-2018-6686)

Vulnerability from cvelistv5 – Published: 2018-07-27 13:00 – Updated: 2024-08-05 06:10

Title

Drive Encryption (MDE) - Authentication Bypass vulnerability

Summary

Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances.

Severity ?

7 (High)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

Authentication Bypass vulnerability

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee	Drive Encryption (MDE)	Affected: 7.1.0 , < 7.1.0* (custom) Affected: 7.1.3.634 , < 7.1.3.634 (custom) Affected: 7.2.0 , < 7.2.0* (custom) Affected: 7.2.6 , < 7.2.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:10:10.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10242"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x86"
          ],
          "product": "Drive Encryption (MDE)",
          "vendor": "McAfee",
          "versions": [
            {
              "lessThan": "7.1.0*",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.1.3.634",
              "status": "affected",
              "version": "7.1.3.634",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2.0*",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2.6",
              "status": "affected",
              "version": "7.2.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication Bypass vulnerability\n",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-27T12:57:01",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10242"
        }
      ],
      "source": {
        "advisory": "SB10242",
        "discovery": "USER"
      },
      "title": "Drive Encryption (MDE) - Authentication Bypass vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2018-6686",
          "STATE": "PUBLIC",
          "TITLE": "Drive Encryption (MDE) - Authentication Bypass vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drive Encryption (MDE)",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e=",
                            "platform": "x86",
                            "version_affected": "\u003e=",
                            "version_name": "7.1.0",
                            "version_value": "7.1.0"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "x86",
                            "version_affected": "\u003c",
                            "version_name": "7.1.3.634",
                            "version_value": "7.1.3.634"
                          },
                          {
                            "affected": "\u003e=",
                            "platform": "x86",
                            "version_affected": "\u003e=",
                            "version_name": "7.2.0",
                            "version_value": "7.2.0"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "x86",
                            "version_affected": "\u003c",
                            "version_name": "7.2.6",
                            "version_value": "7.2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass vulnerability\n"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10242",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10242"
            }
          ]
        },
        "source": {
          "advisory": "SB10242",
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2018-6686",
    "datePublished": "2018-07-27T13:00:00",
    "dateReserved": "2018-02-06T00:00:00",
    "dateUpdated": "2024-08-05T06:10:10.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-15898

CVE-2018-6686 (GCVE-0-2018-6686)

Tags

Sightings

Nomenclature