CVE-2006-5274

3 documents3 sources

Severity

7.6HIGH

EPSS

12.9%

top 5.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Common Management Agent Mcafee Epolicy Orchestrator Mcafee Protectionpilot

Timeline

PublishedJul 12

Latest updateMay 1

Description

Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶NVDmcafee/common_management_agent3.6.0.438

▶NVDmcafee/epolicy_orchestrator3.5.0, 3.6.0+1

▶NVDmcafee/protectionpilot1.1.1, 1.5.0+1

Patches

Patch: knowledge.mcafee.com ↗Patch: knowledge.mcafee.com ↗

🔴Vulnerability Details

GHSA

GHSA-3gxp-2868-6qrc: Integer overflow in McAfee ePolicy Orchestrator 3↗2022-05-01

▶

CVEList

CVE-2006-5274: Integer overflow in McAfee ePolicy Orchestrator 3↗2007-07-12

▶