Directory Traversal Vulnerability in McAfee ePolicy Orchestrator
CVE-2017-3980

7.2HIGH

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator (epo)
Vendor: CVE Published:; 18 May 2017

What is CVE-2017-3980?

A directory traversal vulnerability exists in the ePO Extension of McAfee ePolicy Orchestrator, allowing remote authenticated users to exploit this flaw. By leveraging an authenticated ePO session, attackers can execute arbitrary commands on the system, potentially leading to unauthorized access and control over the affected environment. This type of vulnerability raises significant security concerns, necessitating prompt action for affected users to mitigate associated risks.

Affected Version(s)

ePolicy Orchestrator (ePO) 5.9.0 and earlier

ePolicy Orchestrator (ePO) 5.3.2 and earlier

ePolicy Orchestrator (ePO) 5.1.3 and earlier

References

http://www.securityfocus.com/bid/98559

vdb-entryx_refsource_BID

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2017
Vulnerability Reserved
Dec 26, 2016

Mcafee

What is CVE-2017-3980?

Affected Version(s)

References

CVSS V3.1

Timeline