McAfee ePolicy Orchestrator command execution

epolicy-execute-commands (14166) The risk level is classified as HighHigh Risk

Description:

McAfee ePolicy Orchestrator (ePo) could allow an attacker to gain unauthorized access. By sending a specially-crafted HTTP request, a remote attacker could install arbitrary files, including executables, on the system and possibly gain Administrator access to the vulnerable ePo server. In certain configurations this vulnerability could lead to enterprise-wide exploitation.


Consequences:

Gain Access

Remedy:

Apply Patch 4 for ePolicy Orchestrator version 3.0 Service Pack 2a, available from the McAfee Security Hotfix Web page. See References.

References:

Platforms Affected:

  • McAfee ePolicy Orchestrator 2.5 SP1
  • McAfee ePolicy Orchestrator 2.5
  • McAfee ePolicy Orchestrator 2.5.1
  • McAfee ePolicy Orchestrator 3.0 SP2a
  • McAfee ePolicy Orchestrator 3.0

Reported:

Apr 23, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page