CVE-2017-3912
McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
Vulnerabilidad de omisión de contraseña de seguridad en McAfee Application and Change Control (MACC) 7.0.1 y 6.2.0 permite que usuarios autenticados ejecuten comandos arbitrarios mediante una utilidad de línea de comandos arbitrarios.
*Credits:
McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-26 CVE Reserved
- 2018-09-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-274: Improper Handling of Insufficient Privileges
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102988 | Vdb Entry | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10224 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Application And Change Control Search vendor "Mcafee" for product "Application And Change Control" | 6.2.0 Search vendor "Mcafee" for product "Application And Change Control" and version "6.2.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Application And Change Control Search vendor "Mcafee" for product "Application And Change Control" | 7.0.1 Search vendor "Mcafee" for product "Application And Change Control" and version "7.0.1" | - |
Affected
| ||||||