cvelistv5 - cve-2018-6677

CVE-2018-6677 (GCVE-0-2018-6677)

Vulnerability from cvelistv5 – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10

Title

McAfee Web Gateway (MWG) - Directory Traversal vulnerability

Summary

Severity ?

7.6 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE

Directory Traversal vulnerability

Assigner

trellix

References

URL

Tags

	http://www.securityfocus.com/bid/104893	vdb-entryx_refsource_BID
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee	McAfee Web Gateway (MWG)	Affected: 7.8.1 , < 7.8.1* (custom) Unaffected: 7.8.2 , < 7.8.2* (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:10:10.756Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104893",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104893"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x86"
          ],
          "product": "McAfee Web Gateway (MWG)",
          "vendor": "McAfee",
          "versions": [
            {
              "lessThan": "7.8.1*",
              "status": "affected",
              "version": "7.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.2*",
              "status": "unaffected",
              "version": "7.8.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal vulnerability\n",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-27T09:57:01",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "name": "104893",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104893"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
        }
      ],
      "source": {
        "advisory": "SB10245",
        "discovery": "INTERNAL"
      },
      "title": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2018-6677",
          "STATE": "PUBLIC",
          "TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Web Gateway (MWG)",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e=",
                            "platform": "x86",
                            "version_affected": "\u003e=",
                            "version_name": "7.8.1",
                            "version_value": "7.8.1"
                          },
                          {
                            "affected": "!\u003e",
                            "platform": "x86",
                            "version_affected": "!\u003e",
                            "version_name": "7.8.2",
                            "version_value": "7.8.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal vulnerability\n"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104893",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104893"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
            }
          ]
        },
        "source": {
          "advisory": "SB10245",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2018-6677",
    "datePublished": "2018-07-23T13:00:00",
    "dateReserved": "2018-02-06T00:00:00",
    "dateUpdated": "2024-08-05T06:10:10.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:mcafee_web_gateway:7.8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83A43957-5DBA-4446-A767-A22BC06B314E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en la interfaz de usuario administrativo en McAfee Web Gateway (MWG) MWG 7.8.1.x permite que usuarios administradores autenticados obtengan privilegios elevados mediante vectores sin especificar.\"}]",
      "id": "CVE-2018-6677",
      "lastModified": "2024-11-21T04:11:05.643",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}], \"cvssMetricV30\": [{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-23T13:29:00.373",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104893\", \"source\": \"trellixpsirt@trellix.com\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245\", \"source\": \"trellixpsirt@trellix.com\"}, {\"url\": \"http://www.securityfocus.com/bid/104893\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "trellixpsirt@trellix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-6677\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2018-07-23T13:29:00.373\",\"lastModified\":\"2024-11-21T04:11:05.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la interfaz de usuario administrativo en McAfee Web Gateway (MWG) MWG 7.8.1.x permite que usuarios administradores autenticados obtengan privilegios elevados mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}],\"cvssMetricV30\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:mcafee_web_gateway:7.8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83A43957-5DBA-4446-A767-A22BC06B314E\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104893\",\"source\":\"trellixpsirt@trellix.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245\",\"source\":\"trellixpsirt@trellix.com\"},{\"url\":\"http://www.securityfocus.com/bid/104893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2018-6677

Vulnerability from fkie_nvd - Published: 2018-07-23 13:29 - Updated: 2024-11-21 04:11

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	trellixpsirt@trellix.com	http://www.securityfocus.com/bid/104893
	trellixpsirt@trellix.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10245
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104893
	af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10245

Impacted products

	Vendor	Product	Version
	mcafee	mcafee_web_gateway	7.8.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:mcafee_web_gateway:7.8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A43957-5DBA-4446-A767-A22BC06B314E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la interfaz de usuario administrativo en McAfee Web Gateway (MWG) MWG 7.8.1.x permite que usuarios administradores autenticados obtengan privilegios elevados mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-6677",
  "lastModified": "2024-11-21T04:11:05.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0,
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-23T13:29:00.373",
  "references": [
    {
      "source": "trellixpsirt@trellix.com",
      "url": "http://www.securityfocus.com/bid/104893"
    },
    {
      "source": "trellixpsirt@trellix.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/104893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
    }
  ],
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-14216

Vulnerability from cnvd - Published: 2018-07-30

Title

McAfee Web Gateway目录遍历漏洞（CNVD-2018-14216）

Description

McAfee Web Gateway（MWG）是美国迈克菲（McAfee）公司的一款安全网关产品。该产品提供威胁防护、应用程序控制和数据丢失防护等功能。 McAfee MWG 7.8.1.x版本中的管理用户界面存在目录遍历漏洞。攻击者可利用该漏洞获取提升的权限。

Severity

中

Patch Name

McAfee Web Gateway目录遍历漏洞（CNVD-2018-14216）的补丁

Patch Description

McAfee Web Gateway（MWG）是美国迈克菲（McAfee）公司的一款安全网关产品。该产品提供威胁防护、应用程序控制和数据丢失防护等功能。 McAfee MWG 7.8.1.x版本中的管理用户界面存在目录遍历漏洞。攻击者可利用该漏洞获取提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id=SB10245

Reference

https://kc.mcafee.com/corporate/index?page=content&id=SB10245

Impacted products

Name
Mcafee Web Gateway 7.8.1.*

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6677"
    }
  },
  "description": "McAfee Web Gateway\uff08MWG\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u7f51\u5173\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u5a01\u80c1\u9632\u62a4\u3001\u5e94\u7528\u7a0b\u5e8f\u63a7\u5236\u548c\u6570\u636e\u4e22\u5931\u9632\u62a4\u7b49\u529f\u80fd\u3002\r\n\r\nMcAfee MWG 7.8.1.x\u7248\u672c\u4e2d\u7684\u7ba1\u7406\u7528\u6237\u754c\u9762\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14216",
  "openTime": "2018-07-30",
  "patchDescription": "McAfee Web Gateway\uff08MWG\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u7f51\u5173\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u5a01\u80c1\u9632\u62a4\u3001\u5e94\u7528\u7a0b\u5e8f\u63a7\u5236\u548c\u6570\u636e\u4e22\u5931\u9632\u62a4\u7b49\u529f\u80fd\u3002\r\n\r\nMcAfee MWG 7.8.1.x\u7248\u672c\u4e2d\u7684\u7ba1\u7406\u7528\u6237\u754c\u9762\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Web Gateway\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2018-14216\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mcafee Web Gateway 7.8.1.*"
  },
  "referenceLink": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-24",
  "title": "McAfee Web Gateway\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2018-14216\uff09"
}

GHSA-77X6-R257-2X55

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-6677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-23T13:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.",
  "id": "GHSA-77x6-r257-2x55",
  "modified": "2022-05-13T01:31:57Z",
  "published": "2022-05-13T01:31:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6677"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104893"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201807-2140

Vulnerability from variot - Updated: 2023-12-18 13:28

Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. McAfee Web Gateway (MWG) Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. McAfee WebGateway (MWG) is a security gateway product from McAfee. This product provides features such as threat protection, application control, and data loss prevention. A directory traversal vulnerability exists in the administrative user interface in the McAfeeMWG7.8.1.x release. An attacker could exploit the vulnerability to gain elevated privileges. McAfee Web Gateway is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2140",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "7.8.1.0"
      },
      {
        "model": "web gateway software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mcafee",
        "version": "7.8.1.x"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.8.1.*"
      },
      {
        "model": "mcgafee web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.8.1.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8.1.6"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8.1.5"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "BID",
        "id": "104893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:mcafee_web_gateway:7.8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "104893"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-6677",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-6677",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-14216",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-136709",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "trellixpsirt@trellix.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-6677",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-6677",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "trellixpsirt@trellix.com",
            "id": "CVE-2018-6677",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-14216",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1767",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-136709",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-6677",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-6677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. McAfee Web Gateway (MWG) Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. McAfee WebGateway (MWG) is a security gateway product from McAfee. This product provides features such as threat protection, application control, and data loss prevention. A directory traversal vulnerability exists in the administrative user interface in the McAfeeMWG7.8.1.x release. An attacker could exploit the vulnerability to gain elevated privileges. McAfee Web Gateway is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "BID",
        "id": "104893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-6677"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-6677",
        "trust": 3.5
      },
      {
        "db": "MCAFEE",
        "id": "SB10245",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "104893",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-136709",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-6677",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-6677"
      },
      {
        "db": "BID",
        "id": "104893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "id": "VAR-201807-2140",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-136709"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:28:49.775000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SB10245",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10245"
      },
      {
        "title": "Patch for McAfee WebGateway Directory Traversal Vulnerability (CNVD-2018-14216)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/135539"
      },
      {
        "title": "McAfee Web Gateway Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82575"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-6677 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-6677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10245"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/104893"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6677"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6677"
      },
      {
        "trust": 0.3,
        "url": "http://www.mcafee.com/"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10245"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-6677"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-6677"
      },
      {
        "db": "BID",
        "id": "104893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-6677"
      },
      {
        "db": "BID",
        "id": "104893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "date": "2018-07-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "date": "2018-07-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-6677"
      },
      {
        "date": "2018-07-17T00:00:00",
        "db": "BID",
        "id": "104893"
      },
      {
        "date": "2018-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "date": "2018-07-23T13:29:00.373000",
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "date": "2018-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14216"
      },
      {
        "date": "2023-01-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-136709"
      },
      {
        "date": "2023-01-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-6677"
      },
      {
        "date": "2018-07-17T00:00:00",
        "db": "BID",
        "id": "104893"
      },
      {
        "date": "2018-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "date": "2023-11-07T03:00:17.407000",
        "db": "NVD",
        "id": "CVE-2018-6677"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "McAfee Web Gateway Path traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007945"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1767"
      }
    ],
    "trust": 0.6
  }
}

GSD-2018-6677

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-6677

Aliases

CVE-2018-6677

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-6677",
    "description": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.",
    "id": "GSD-2018-6677"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-6677"
      ],
      "details": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.",
      "id": "GSD-2018-6677",
      "modified": "2023-12-13T01:22:35.119053Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2018-6677",
        "STATE": "PUBLIC",
        "TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "McAfee Web Gateway (MWG)",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003e=",
                          "platform": "x86",
                          "version_name": "7.8.1",
                          "version_value": "7.8.1"
                        },
                        {
                          "affected": "!\u003e",
                          "platform": "x86",
                          "version_name": "7.8.2",
                          "version_value": "7.8.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "McAfee"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Directory Traversal vulnerability\n"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104893",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104893"
          },
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
          }
        ]
      },
      "source": {
        "advisory": "SB10245",
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:mcafee_web_gateway:7.8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2018-6677"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
            },
            {
              "name": "104893",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104893"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2023-01-27T18:35Z",
      "publishedDate": "2018-07-23T13:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-6677 (GCVE-0-2018-6677)

FKIE_CVE-2018-6677

CNVD-2018-14216

GHSA-77X6-R257-2X55

VAR-201807-2140

GSD-2018-6677

Tags

Sightings

Nomenclature