This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
A security management application installed on the remote Windows host
is affected by a remote code execution vulnerability.
The McAfee ePolicy Orchestrator (ePO) installed on the remote Windows
host is affected by a remote code execution vulnerability due to
unsafe deserialize calls of unauthenticated Java objects to the Apache
Commons Collections (ACC) library. An unauthenticated, remote attacker
can exploit this to execute arbitrary code on the target host.
See also :
Upgrade to McAfee ePO version 5.1.3 / 5.3.1 and then apply hotfix
EPO5xHF1106041.zip. A patch for ePO version 5.1.4 is scheduled to be
released in Q2 of 2016.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true