This script is Copyright (C) 2017 Tenable Network Security, Inc.
A security management application agent running on the remote host is
affected by a denial of service vulnerability.
According to its self-reported version, the McAfee ePolicy
Orchestrator (ePO) Agent running on the remote host is 5.0.x prior to
22.214.171.1249. It is, therefore, affected by a flaw in its remote log
viewer component due to improper validation of input to an unspecified
HTTP GET parameter. An unauthenticated, remote attacker can exploit
this, via a specially crafted URL request, to cause a denial of
Note that that exploitation of this vulnerability requires that both
the Agent's log viewing functionality is enabled and the remote log
access is not restricted to ePO administrators only. However, these
are not set by default.
See also :
Upgrade McAfee ePO Agent to version 126.96.36.1999 or later.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.3
Public Exploit Available : false