This script is Copyright (C) 2017 Tenable Network Security, Inc.
A security management application installed on the remote Windows
host is affected by a remote code execution vulnerability.
The version of McAfee ePolicy Orchestrator (ePO) installed on the
remote Windows host is 5.1.x prior to 5.1.3 hotfix 1193124, 5.3.x
prior to 5.3.1 hotfix 1194398, 5.3.2 prior to 5.3.2 hotfix 1193123, or
5.9.x prior to 5.9.0 hotfix 1193951. It is affected by a remote
command execution vulnerability due to improper sanitization of
user-supplied input. An authenticated, remote attacker can exploit
this, via a specially crafted request that uses directory traversal,
to execute arbitrary commands.
See also :
Upgrade to McAfee ePO version 5.1.3 hotfix 1193124 / 5.3.1 hotfix
1194398 / 5.3.2 hotfix 1193123 / 5.9.0 hotfix 1193951 or later.
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true