VID 23173
Severity 40
Port 80, ...
Protocol TCP
Class Daemon
Detailed Description The ePolicy Orchestrator, according to its version number, has a directory traversal vulnerability in the CMA. McAfee ePolicy Orchestrator is the remote security management software for the McAfee enterprise product suite. McAfee Common Management (EPO) Agent versions prior to 3.5.5.438 of ePolicy Orchestrator could allow a remote attacker to traverse directories and execute arbitrary code on an affected system. The flaw is caused by an input validation error in the management console's Framework Service component (enabled by default on port 8081), which does not validate "PropsResponse" requests. A remote attacker could exploit this vulnerability to write malicious files to arbitrary locations and execute arbitrary code on the system.

* Note: This check relies solely on the version number of ePolicy Orchestrator reported by the remote Web server to assess this vulnerability, so the result might be a false positive.

* References:
http://knowledge.mcafee.com/article/640/9925498_f.SAL_Public.html
http://www.eeye.com/html/research/advisories/AD20060713.html
http://www.frsirt.com/english/advisories/2006/2796
http://secunia.com/advisories/21037/

* Platforms Affected:
McAfee Common Management (EPO) Agent versions prior to 3.5.5.438
McAfee ePolicy Orchestrator versions 3.5.0 and earlier
Microsoft Windows Any version
Recommendation Upgrade to the latest version of McAfee Common Management (EPO) Agent (3.5.5.438 or later), available from the McAfee Web site at http://knowledge.mcafee.com/article/640/9925498_f.SAL_Public.html
Related URL CVE-2006-3623 (CVE)
Related URL 18979 (SecurityFocus)
Related URL 27738 (ISS)