CVE-2017-3936: OS Command Injection in ePolicy Orchestrator

Severity: 9.8 CRITICAL (NVD); 6.2 (CNA)
EPSS: 5.5% (top 9.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 13
Latest update: May 13

Description

An OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges, because user input data is not sanitized before it is exported into CSV format output.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: mcafee/epolicy_orchestrator 5.15.3.3 +2
NVD: mcafee/epolicy_orchestrator, 7 versions, +6

Vulnerability Details (2)

GHSA: GHSA-j3gw-v5qx-v2xm: OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5 (2022-05-13)
CVEList: McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability (2018-06-13)
CVE-2017-3936 — OS Command Injection in Mcafee | cvebase