CVE-2012-4586
Severity Score
3.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.
McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisiĆ³n 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisiĆ³n 1 accede a los archivos con los privilegios del usuario root, lo que permite a usuarios remotos autenticados se salten los permisos simplemente solicitando un archivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-22 CVE Reserved
- 2012-08-22 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10020 | 2012-08-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Email And Web Security Search vendor "Mcafee" for product "Email And Web Security" | 5.0 Search vendor "Mcafee" for product "Email And Web Security" and version "5.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Email And Web Security Search vendor "Mcafee" for product "Email And Web Security" | 5.5 Search vendor "Mcafee" for product "Email And Web Security" and version "5.5" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Email And Web Security Search vendor "Mcafee" for product "Email And Web Security" | 5.6 Search vendor "Mcafee" for product "Email And Web Security" and version "5.6" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Email Gateway Search vendor "Mcafee" for product "Email Gateway" | 7.0 Search vendor "Mcafee" for product "Email Gateway" and version "7.0" | - |
Affected
| ||||||