Lucene search

TrellixCVELIST:CVE-2017-3936

HistoryJun 13, 2018 - 9:00 p.m.

CVE-2017-3936 McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability

2018-06-1321:00:00

trellix

www.cve.org

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

9.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.

CNA Affected

[
  {
    "platforms": [
      "x86"
    ],
    "product": "ePolicy Orchestrator (ePO)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "5.3.3",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      },
      {
        "lessThan": "5.3.3",
        "status": "affected",
        "version": "5.3",
        "versionType": "custom"
      },
      {
        "lessThan": "5.9.1",
        "status": "affected",
        "version": "5.9",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103155

kc.mcafee.com/corporate/index?page=content&id=SB10227

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

9.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVELIST:CVE-2017-3936