Detections
Analytics
McAfee Email Gateway Appliance 7.x Unspecified Command Injection (SB10057)
high Nessus Plugin ID 70785
Language:
Synopsis
The remote host is potentially affected by an unspecified command injection vulnerability.Description
According to the self-reported version of the Web UI on the remote McAfee Email Gateway appliance, it is potentially affected by an unspecified command injection vulnerability. Exploitation could lead to arbitrary code execution.Note that Nessus has not checked for the presence of a patch so this finding may be a false positive.
Solution
Apply MEG 7.0.4 or 7.5.1 or refer to the vendor for a workaround.See Also
https://kc.mcafee.com/corporate/index?page=content&id=SB10057
Plugin Details
Severity: High
ID: 70785
File Name: mcafee_meg_sb10057.nasl
Version: 1.8
Type: remote
Family: CGI abuses
Published: 11/7/2013
Updated: 1/19/2021
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 8.5
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:mcafee:email_gateway
Required KB Items: Settings/ParanoidReport, www/mcafee_webshield
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/15/2012
Vulnerability Publication Date: 10/15/2013
Reference Information
CVE: CVE-2013-6349
BID: 63544
MCAFEE-SB: SB10057