CVE-2003-0149 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Epolicy Orchestrator

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Epolicy Orchestrator

Timeline

PublishedAug 27

Latest updateApr 29

Description

Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmcafee/epolicy_orchestrator2.0, 2.5, 2.5.1+2

Patches

Patch: www.atstake.com ↗Patch: www.nai.com ↗Patch: www.atstake.com ↗

🔴Vulnerability Details

GHSA

GHSA-hc9c-69xv-fwcq: Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2↗2022-04-29

▶

CVEList

CVE-2003-0149: Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2↗2003-08-01

▶