This script is Copyright (C) 2013 Tenable Network Security, Inc.
A security management application installed on the remote Windows host
has a SQL injection vulnerability.
According to its self-reported version number, the version of ePO
Extension for McAfee Agent installed on the remote host has multiple
blind SQL injection vulnerabilities. A remote, authenticated user
could exploit this to execute arbitrary SQL queries, resulting in
arbitrary code execution with SYSTEM privileges.
Versions 4.5 and 4.6 of the extension are affected.
See also :
Upgrade to ePO Extension for McAfee Agent version 4.8 or later, or
apply the hotfix for version 4.6 referenced in McAfee Security
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true