McAfee ePolicy Orchestrator 5.1.x < 5.1.3 HF1193124 / 5.3.x < 5.3.1 HF1194398 / 5.3.2 < 5.3.2 HF1193123 / 5.9.x < 5.9.0 HF1193951 Path Traversal RCE (SB10196)

High Nessus Plugin ID 100572


A security management application installed on the remote Windows host is affected by a remote code execution vulnerability.


The version of McAfee ePolicy Orchestrator (ePO) installed on the remote Windows host is 5.1.x prior to 5.1.3 hotfix 1193124, 5.3.x prior to 5.3.1 hotfix 1194398, 5.3.2 prior to 5.3.2 hotfix 1193123, or 5.9.x prior to 5.9.0 hotfix 1193951. It is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request that uses directory traversal, to execute arbitrary commands.


Upgrade to McAfee ePO version 5.1.3 hotfix 1193124 / 5.3.1 hotfix 1194398 / 5.3.2 hotfix 1193123 / 5.9.0 hotfix 1193951 or later.

See Also

Plugin Details

Severity: High

ID: 100572

File Name: mcafee_epo_sb10196.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2017/06/01

Modified: 2017/08/15

Dependencies: 67119

Risk Information

Risk Factor: High


Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 8.8

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:mcafee:epolicy_orchestrator

Required KB Items: SMB/Registry/Enumerated, installed_sw/McAfee ePO

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/05/18

Vulnerability Publication Date: 2017/05/18

Reference Information

CVE: CVE-2017-3980

BID: 98559

OSVDB: 157799