Security Vulnerabilities - CVEs Published In March 2017
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.
CVSS Score
7.5
EPSS Score
0.023
Published
2017-03-14
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
CVSS Score
5.9
EPSS Score
0.004
Published
2017-03-14
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.
CVSS Score
9.8
EPSS Score
0.012
Published
2017-03-14
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-03-14
Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-03-14
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-03-14
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-03-14
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-03-14
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVSS Score
7.0
EPSS Score
0.0
Published
2017-03-14
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVSS Score
7.0
EPSS Score
0.0
Published
2017-03-14