CVE-2006-3623 — Path Traversal in Epolicy Orchestrator Agent

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Epolicy Orchestrator Agent

Timeline

PublishedJul 18

Latest updateMay 1

Description

Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmcafee/epolicy_orchestrator_agent3.5.0

🔴Vulnerability Details

GHSA

GHSA-wjpp-mpw3-qh2r: Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3↗2022-05-01

▶

CVEList

CVE-2006-3623: Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3↗2006-07-14

▶