Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1855CMA vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
CNA7.6
EPSS
23.3%
top 4.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mcafee CMA
Timeline
PublishedApr 16
Latest updateMay 1

Description

FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmcafee/cma3.6.0.574

🔴Vulnerability Details

2
GHSA
GHSA-j55f-jpf8-gg6v: FrameworkService2022-05-01
CVEList
CVE-2008-1855: FrameworkService2008-04-16

💥Exploits & PoCs

1
Exploit-DB
Mcafee EPO 4.0 - 'FrameworkService.exe' Remote Denial of Service2008-04-02
CVE-2008-1855 — Mcafee CMA vulnerability | cvebase