|
Family: Windows --> Category: infos
McAfee ePolicy Orchestrator HTTP Server Remote Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary Acertains the version of ePO
Detailed Explanation for this Vulnerability Test
Synopsis :
Arbitrary code can be executed on the remote host due to a flaw in the
web service.
Description :
The remote host is running McAfee ePolicy Orchestrator web service.
The remote version of this software is vulnerable to a Stack Overflow
vulnerability.
An unauthenticated attacker can exploit this flaw by sending a
specialy crafted packet to the remote host. A successful exploitation
of this vulnerability would result in remote code execution with the
rights of the SYSTEM.
See also :
http://www.remote-exploit.org/advisories/mcafee-epo.pdf
Solution :
Install ePO 3.5.0 Patch 6.
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|