Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0095Improper Restriction of Operations within the Bounds of a Memory Buffer in Epolicy Orchestrator

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
6.0%
top 9.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mcafee Epolicy Orchestrator
Timeline
PublishedFeb 17
Latest updateApr 29

Description

McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-45gv-7qfm-2g52: McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary c2022-04-29
CVEList
CVE-2004-0095: McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary c2004-09-01

💥Exploits & PoCs

1
Exploit-DB
McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer Mismanagement2004-01-22
CVE-2004-0095 — Mcafee vulnerability | cvebase