McAfee ePO Extension for McAfee Agent Multiple Blind SQL Injection (SB10043)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

A security management application installed on the remote Windows host
has a SQL injection vulnerability.

Description :

According to its self-reported version number, the version of ePO
Extension for McAfee Agent installed on the remote host has multiple
blind SQL injection vulnerabilities. A remote, authenticated user
could exploit this to execute arbitrary SQL queries, resulting in
arbitrary code execution with SYSTEM privileges.

Versions 4.5 and 4.6 of the extension are affected.

Solution :

Upgrade to ePO Extension for McAfee Agent version 4.8 or later, or
apply the hotfix for version 4.6 referenced in McAfee Security
Bulletin SB10043.

Risk factor :

High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 67120

Bugtraq ID: 61421

CVE ID: CVE-2013-4882