CVE-2003-0616: Use of Externally-Controlled Format String in ePolicy Orchestrator

Severity: 7.5 HIGH (NVD)
EPSS: 2.0% (top 16.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 27
Latest update: Apr 29

Description

Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: mcafee/epolicy_orchestrator 2.0, 2.5, 2.5.1 (+2)

Vulnerability Details (2)

GHSA: GHSA-3vcr-m67m-mr3p: Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2 (2022-04-29)
CVEList: CVE-2003-0616: Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2 (2003-08-01)