Описание
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01965
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
EPSS
Процентиль: 83%
0.01965
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other