CVE-2015-7310 — OS Command Injection in Enterprise Security Manager

CWE-78 — OS Command Injection3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 34.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Enterprise Security Manager Mcafee Enterprise Security Manager LOG Manager Mcafee Enterprise Security Manager Receiver

Timeline

PublishedSep 22

Latest updateMay 17

Description

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmcafee/enterprise_security_manager_receiver9.3.2+2

▶NVDmcafee/enterprise_security_manager9.3.2+2

▶NVDmcafee/enterprise_security_manager_log_manager9.3.2+2

🔴Vulnerability Details

GHSA

GHSA-x85c-wgp5-v66x: McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9↗2022-05-17

▶

CVEList

CVE-2015-7310: McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9↗2015-09-22

▶