McAfee ePolicy Orchestrator Agent < 5.0.4.449 Log Viewer DoS

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A security management application agent running on the remote host is
affected by a denial of service vulnerability.

Description :

According to its self-reported version, the McAfee ePolicy
Orchestrator (ePO) Agent running on the remote host is 5.0.x prior to
5.0.4.449. It is, therefore, affected by a flaw in its remote log
viewer component due to improper validation of input to an unspecified
HTTP GET parameter. An unauthenticated, remote attacker can exploit
this, via a specially crafted URL request, to cause a denial of
service condition.

Note that exploitation of this vulnerability requires both that the
Agent's log viewing functionality is enabled and that remote log
access is not restricted to ePO administrators only. However, these
are not set by default.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10183

Solution :

Upgrade McAfee ePO Agent to version 5.0.4.449 or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 97213

Bugtraq ID: 95903

CVE ID: CVE-2017-3896
