Detections
Analytics
McAfee ePO Extension for McAfee Agent Multiple Blind SQL Injection (SB10043)
medium Nessus Plugin ID 67120
Language:
Synopsis
A security management application installed on the remote Windows host has a SQL injection vulnerability.Description
According to its self-reported version number, the version of ePO Extension for McAfee Agent installed on the remote host has multiple blind SQL injection vulnerabilities. A remote, authenticated user could exploit this to execute arbitrary SQL queries, resulting in arbitrary code execution with SYSTEM privileges.Versions 4.5 and 4.6 of the extension are affected.
Solution
Upgrade to ePO Extension for McAfee Agent version 4.8 or later, or apply the hotfix for version 4.6 referenced in McAfee Security Bulletin SB10043.See Also
https://seclists.org/bugtraq/2013/Jul/80
https://kc.mcafee.com/corporate/index?page=content&id=SB10043
https://kc.mcafee.com/corporate/index?page=content&id=KB78824
Plugin Details
Severity: Medium
ID: 67120
File Name: mcafee_epo_sb10043.nasl
Version: 1.20
Type: local
Agent: windows
Family: Windows
Published: 7/1/2013
Updated: 6/19/2020
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.1
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2013-4882
Vulnerability Information
CPE: cpe:/a:mcafee:epolicy_orchestrator
Required KB Items: SMB/mcafee_epo/Path, SMB/mcafee_epo/ver
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/9/2013
Vulnerability Publication Date: 5/9/2013
Reference Information
CVE: CVE-2013-4882
BID: 61421
IAVA: 2013-A-0117-S
MCAFEE-SB: SB10043