McAfee ePolicy Orchestrator CSV File Handling Arbitrary Command Execution (SB10227)
Medium Nessus Plugin ID 110813
SynopsisThe remote host is affected by arbitrary command execution.
DescriptionThe remote host is running a version of McAfee ePolicy Orchestrator that contains a flaw that is triggered as user-supplied input passed via CSV files is not properly sanitized. This may allow a context- dependent attacker to potentially execute arbitrary commands.
SolutionUpgrade to ePO 5.9.1 or later.