CVE-2017-3912 - OpenCVE

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Application And Change Control

Configuration 1 [-]

OR	cpe:2.3:a:mcafee:application_and_change_control:6.2.0:::::::*
	cpe:2.3:a:mcafee:application_and_change_control:7.0.1:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102988
https://kc.mcafee.com/corporate/index?page=content&id=SB10224

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2018-09-18T22:00:00

Updated: 2024-08-05T14:39:41.145Z

Reserved: 2016-12-26T00:00:00

Link: CVE-2017-3912

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-18T22:29:00.307

Modified: 2023-11-07T02:44:20.440

Link: CVE-2017-3912

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["x86"], "product": "McAfee Application Control and Change Control (MACC)", "vendor": "McAfee", "versions": [{"status": "affected", "version": "7.0.1"}]}, {"product": "McAfee Application Control and Change Control (MACC)", "vendor": "McAfee", "versions": [{"status": "affected", "version": "6.2.0"}]}], "credits": [{"lang": "en", "value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."}], "datePublic": "2018-02-09T00:00:00", "descriptions": [{"lang": "en", "value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-274", "description": "Privilege Escalation (CWE-274)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-19T09:57:01", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"}, {"name": "102988", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102988"}], "source": {"advisory": "SB10224", "discovery": "EXTERNAL"}, "title": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass ", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2017-3912", "STATE": "PUBLIC", "TITLE": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Application Control and Change Control (MACC)", "version": {"version_data": [{"affected": "=", "platform": "x86", "version_affected": "=", "version_name": "7.0.1", "version_value": "7.0.1"}, {"affected": "=", "version_affected": "=", "version_name": "6.2.0", "version_value": "6.2.0"}]}}]}, "vendor_name": "McAfee"}]}}, "credit": [{"lang": "eng", "value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation (CWE-274)"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"}, {"name": "102988", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102988"}]}, "source": {"advisory": "SB10224", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.145Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"}, {"name": "102988", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102988"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2017-3912", "datePublished": "2018-09-18T22:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:39:41.145Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:application_and_change_control:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A9BFAE1-40F8-4127-9252-4236287E0648", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:application_and_change_control:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C0F15E-86AB-4654-A1D4-7AE9D56CBA8B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de contrase\u00f1a de seguridad en McAfee Application and Change Control (MACC) 7.0.1 y 6.2.0 permite que usuarios autenticados ejecuten comandos arbitrarios mediante una utilidad de l\u00ednea de comandos arbitrarios."}], "id": "CVE-2017-3912", "lastModified": "2023-11-07T02:44:20.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2018-09-18T22:29:00.307", "references": [{"source": "trellixpsirt@trellix.com", "url": "http://www.securityfocus.com/bid/102988"}, {"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-274"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}