{"containers":{"cna":{"affected":[{"platforms":["x86"],"product":"True Key","vendor":"McAfee","versions":[{"lessThanOrEqual":"5.1.230.7","status":"affected","version":"5.1.230.7","versionType":"custom"}]}],"credits":[{"lang":"en","value":"McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."}],"datePublic":"2018-12-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."}],"metrics":[{"cvssV3_0":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Authentication Abuse vulnerability","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-12-12T10:57:01.000Z","orgId":"01626437-bf8f-4d1c-912a-893b5eb04808","shortName":"trellix"},"references":[{"name":"45961","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/45961/"},{"tags":["x_refsource_CONFIRM"],"url":"http://service.mcafee.com/FAQDocument.aspx?&id=TS102872"}],"source":{"advisory":"TS102872","discovery":"EXTERNAL"},"title":"True Key (TK) Windows Client - Authentication Abuse vulnerability","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","ID":"CVE-2018-6756","STATE":"PUBLIC","TITLE":"True Key (TK) Windows Client - Authentication Abuse vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"True Key","version":{"version_data":[{"affected":"<=","platform":"x86","version_affected":"<=","version_name":"5.1.230.7","version_value":"5.1.230.7"}]}}]},"vendor_name":"McAfee"}]}},"credit":[{"lang":"eng","value":"McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Authentication Abuse vulnerability"}]}]},"references":{"reference_data":[{"name":"45961","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/45961/"},{"name":"http://service.mcafee.com/FAQDocument.aspx?&id=TS102872","refsource":"CONFIRM","url":"http://service.mcafee.com/FAQDocument.aspx?&id=TS102872"}]},"source":{"advisory":"TS102872","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T06:10:11.276Z"},"title":"CVE Program Container","references":[{"name":"45961","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/45961/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://service.mcafee.com/FAQDocument.aspx?&id=TS102872"}]}]},"cveMetadata":{"assignerOrgId":"01626437-bf8f-4d1c-912a-893b5eb04808","assignerShortName":"trellix","cveId":"CVE-2018-6756","datePublished":"2018-12-06T23:00:00.000Z","dateReserved":"2018-02-06T00:00:00.000Z","dateUpdated":"2024-08-05T06:10:11.276Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}