Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5156 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Epolicy Orchestrator

6 documents5 sources

Severity

10.0CRITICALNVD

EPSS

83.0%

top 0.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee Epolicy Orchestrator Mcafee Protectionpilot

Timeline

PublishedOct 5

Latest updateMay 1

Description

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmcafee/epolicy_orchestrator3.0, 3.5.0+1

▶NVDmcafee/protectionpilot1.1.1

Patches

Patch: download.nai.com ↗Patch: download.nai.com ↗Patch: knowledge.mcafee.com ↗

🔴Vulnerability Details

GHSA

GHSA-8494-c7m6-c38m: Buffer overflow in McAfee ePolicy Orchestrator before 3↗2022-05-01

▶

OSV

CVE-2007-5156: Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload↗2007-10-01

▶

CVEList

CVE-2006-5156: Buffer overflow in McAfee ePolicy Orchestrator before 3↗2006-10-03

▶

💥Exploits & PoCs

Exploit-DB

McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote (Metasploit)↗2006-10-01

▶