CVE-2017-3936
6.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee | ePolicy Orchestrator (ePO) | 5.1 < 5.3.3 | affected |
| McAfee | ePolicy Orchestrator (ePO) | 5.3 < 5.3.3 | affected |
| McAfee | ePolicy Orchestrator (ePO) | 5.9 < 5.9.1 | affected |
Weaknesses
- OS Command Injection vulnerability
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/103155
- https://kc.mcafee.com/corporate/index?page=content&id=SB10227
References
- http://www.securityfocus.com/bid/103155
- https://kc.mcafee.com/corporate/index?page=content&id=SB10227
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.