[email protected]CVE-2015-7310

HistorySep 22, 2015 - 3:59 p.m.

CVE-2015-7310

2015-09-2215:59:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2015-7310

mcafee

esm

esmlm

esmrec

remote execution

nvd

7.9 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.

CPENameOperatorVersion
mcafee:enterprise_security_manager\/log_managermcafee enterprise security manager\/log managerle9.5.0
mcafee:enterprise_security_manager\/receivermcafee enterprise security manager\/receiverle9.5.0
mcafee:enterprise_security_managermcafee enterprise security managerle9.4.2
mcafee:enterprise_security_manager\/receivermcafee enterprise security manager\/receiverle9.4.2
mcafee:enterprise_security_manager\/log_managermcafee enterprise security manager\/log managerle9.4.2
mcafee:enterprise_security_manager\/log_managermcafee enterprise security manager\/log managerle9.3.2
mcafee:enterprise_security_managermcafee enterprise security managerle9.3.2
mcafee:enterprise_security_managermcafee enterprise security managerle9.5.0
mcafee:enterprise_security_manager\/receivermcafee enterprise security manager\/receiverle9.3.2

CPE	Name	Operator	Version
mcafee:enterprise_security_manager\/log_manager	mcafee enterprise security manager\/log manager	le	9.5.0
mcafee:enterprise_security_manager\/receiver	mcafee enterprise security manager\/receiver	le	9.5.0
mcafee:enterprise_security_manager	mcafee enterprise security manager	le	9.4.2
mcafee:enterprise_security_manager\/receiver	mcafee enterprise security manager\/receiver	le	9.4.2
mcafee:enterprise_security_manager\/log_manager	mcafee enterprise security manager\/log manager	le	9.4.2
mcafee:enterprise_security_manager\/log_manager	mcafee enterprise security manager\/log manager	le	9.3.2
mcafee:enterprise_security_manager	mcafee enterprise security manager	le	9.3.2
mcafee:enterprise_security_manager	mcafee enterprise security manager	le	9.5.0
mcafee:enterprise_security_manager\/receiver	mcafee enterprise security manager\/receiver	le	9.3.2

References

www.securitytracker.com/id/1033654

kc.mcafee.com/corporate/index?page=content&id=SB10133

7.9 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2015-7310

cvelist1 openvas1 prion1