VAR-201311-0213
Vulnerability from variot - Updated: 2023-12-18 14:06McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors. McAfee Email Gateway is prone to an unspecified command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands with root privileges. Successful exploits could compromise the application and possibly the underlying system. The following versions are affected: McAfee Email Gateway 7.0 through 7.0.3 McAfee Email Gateway 7.5 through 7.5.0. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. A security vulnerability exists in MEG 7.0 prior to 7.0.4 and 7.5 prior to 7.5.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0213",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "mcafee",
"version": "7.5"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "mcafee",
"version": "7.0.3"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "mcafee",
"version": "7.0.2"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "mcafee",
"version": "7.0.1"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.0.4"
},
{
"model": "email gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "email gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.5"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.5.1"
},
{
"model": "email gateway patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.01"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "email gateway hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.22"
},
{
"model": "email gateway hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.21"
}
],
"sources": [
{
"db": "BID",
"id": "63544"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:email_gateway:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:email_gateway:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:email_gateway:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:email_gateway:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6349"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ANZ Bank",
"sources": [
{
"db": "BID",
"id": "63544"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6349",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.5,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-6349",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-66351",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6349",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-011",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-66351",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66351"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors. McAfee Email Gateway is prone to an unspecified command-injection vulnerability because it fails to adequately sanitize user-supplied input. \nAttackers can exploit this issue to execute arbitrary commands with root privileges. Successful exploits could compromise the application and possibly the underlying system. \nThe following versions are affected:\nMcAfee Email Gateway 7.0 through 7.0.3\nMcAfee Email Gateway 7.5 through 7.5.0. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. A security vulnerability exists in MEG 7.0 prior to 7.0.4 and 7.5 prior to 7.5.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"db": "BID",
"id": "63544"
},
{
"db": "VULHUB",
"id": "VHN-66351"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6349",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "98669",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10057",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-011",
"trust": 0.6
},
{
"db": "BID",
"id": "63544",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-66351",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66351"
},
{
"db": "BID",
"id": "63544"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
]
},
"id": "VAR-201311-0213",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66351"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:06:14.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SB10057",
"trust": 0.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10057"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66351"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"db": "NVD",
"id": "CVE-2013-6349"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://osvdb.org/98669"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10057"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6349"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6349"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10057"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66351"
},
{
"db": "BID",
"id": "63544"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66351"
},
{
"db": "BID",
"id": "63544"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-66351"
},
{
"date": "2013-10-15T00:00:00",
"db": "BID",
"id": "63544"
},
{
"date": "2013-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"date": "2013-11-02T21:55:04.677000",
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"date": "2013-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-66351"
},
{
"date": "2013-10-15T00:00:00",
"db": "BID",
"id": "63544"
},
{
"date": "2013-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004998"
},
{
"date": "2013-11-04T23:53:52.150000",
"db": "NVD",
"id": "CVE-2013-6349"
},
{
"date": "2013-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "McAfee Email Gateway Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004998"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-011"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…