CVE-2017-3980

7.2HIGH

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator (epo)
Vendor: CVE Published:; 18 May 2017

Summary

A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.

Affected Version(s)

ePolicy Orchestrator (ePO) 5.9.0 and earlier

ePolicy Orchestrator (ePO) 5.3.2 and earlier

ePolicy Orchestrator (ePO) 5.1.3 and earlier

References

http://www.securityfocus.com/bid/98559

vdb-entryx_refsource_BID

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2017
Vulnerability Reserved
Dec 26, 2016