CVE-2002-0690 — Use of Externally-Controlled Format String in Epolicy Orchestrator

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

17.8%

top 4.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Epolicy Orchestrator

Timeline

PublishedApr 11

Latest updateApr 30

Description

Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmcafee/epolicy_orchestrator2.5.1

Patches

Patch: www.atstake.com ↗Patch: www.securityfocus.com ↗Patch: www.atstake.com ↗

🔴Vulnerability Details

GHSA

GHSA-jvqf-8h2j-cccg: Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2↗2022-04-30

▶

CVEList

CVE-2002-0690: Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2↗2003-03-18

▶