Lucene search

[email protected]CVE-2013-0141

HistoryMay 01, 2013 - 12:00 p.m.

CVE-2013-0141

2013-05-0112:00:07

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-0141

mcafee

epolicy orchestrator

epo

vulnerability

remote attackers

file upload

agent-server communication channel

nvd

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.1%

JSON

Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.

Affected configurations

NVD

Node

mcafeeepolicy_orchestratorRange≤4.5.6

mcafeeepolicy_orchestratorMatch2.0

mcafeeepolicy_orchestratorMatch2.5

mcafeeepolicy_orchestratorMatch2.5sp1

mcafeeepolicy_orchestratorMatch2.5.1

mcafeeepolicy_orchestratorMatch3.0

mcafeeepolicy_orchestratorMatch3.0sp2a

mcafeeepolicy_orchestratorMatch3.5.0

mcafeeepolicy_orchestratorMatch3.6.0

mcafeeepolicy_orchestratorMatch3.6.1

mcafeeepolicy_orchestratorMatch4.0

mcafeeepolicy_orchestratorMatch4.5.0

mcafeeepolicy_orchestratorMatch4.5.3

mcafeeepolicy_orchestratorMatch4.5.4

mcafeeepolicy_orchestratorMatch4.5.5

Node

mcafeeepolicy_orchestratorMatch4.6.0

mcafeeepolicy_orchestratorMatch4.6.1

mcafeeepolicy_orchestratorMatch4.6.2

mcafeeepolicy_orchestratorMatch4.6.3

mcafeeepolicy_orchestratorMatch4.6.4

mcafeeepolicy_orchestratorMatch4.6.5

CPENameOperatorVersion
mcafee:epolicy_orchestratormcafee epolicy orchestratorle4.5.6
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq2.0
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq2.5
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq2.5.1
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq3.0
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq3.5.0
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq3.6.0
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq3.6.1
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq4.0
mcafee:epolicy_orchestratormcafee epolicy orchestratoreq4.5.0

CPE	Name	Operator	Version
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	le	4.5.6
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	2.0
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	2.5
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	2.5.1
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	3.0
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	3.5.0
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	3.6.0
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	3.6.1
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	4.0
mcafee:epolicy_orchestrator	mcafee epolicy orchestrator	eq	4.5.0