PT-2018-2691 · Microsoft+1 · Powershell+1

Published

2018-12-16

Updated

2019-10-09

CVE-2018-6668

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions McAfee Application Control / Change Control version 7.0.1 and earlier

Description The issue is related to a whitelist bypass, which can lead to execution bypass. This can be achieved, for example, through simple DLLs and interpreters such as PowerShell. The vulnerability is associated with errors in the implementation of execution restriction policies, allowing an attacker to execute arbitrary commands using the command line.

Recommendations For McAfee Application Control / Change Control version 7.0.1 and earlier, consider restricting the use of interpreters like PowerShell to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-592

Related Identifiers

BDU:2019-01359

CVE-2018-6668

Affected Products

Mcafee Application/Change Control

Powershell

PT-2018-2691 · Microsoft+1 · Powershell+1

CVE-2018-6668

Weakness Enumeration

Related Identifiers

Affected Products

References · 7