McAfee Common Management Agent < UDP Packet Handling Format String

high Nessus Plugin ID 31732


A security management service running on the remote host is affected by a remote code execution vulnerability.


According to its banner, the version of McAfee Common Management Agent (CMA) running on the remote host is prior to It is, therefore, affected by a flaw in the logDetail() function of applib.dll due to calling vsnwprintf() without the needed format string argument. An unauthenticated, remote attacker can exploit this, via a specially crafted UDP packet, to cause a denial of service condition or the execution of arbitrary code. This issue only occurs when the debug level is set to 8 (the highest level but not the default). Note that Nessus has not checked the debug level setting, only the version number in the agent's banner.


Apply Hotfix BZ398370 Build 595 for McAfee Common Management Agent version 3.6.0 Patch 3.

See Also

Plugin Details

Severity: High

ID: 31732

File Name: mcafee_cma_3_6_0_595.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 4/3/2008

Updated: 1/19/2021

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.6

Temporal Score: 6.5

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:W/RC:C


Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:mcafee:common_management_agent, cpe:/a:mcafee:epolicy_orchestrator

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/14/2008

Vulnerability Publication Date: 3/12/2008

Reference Information

CVE: CVE-2008-1357

BID: 28228

Secunia: 29337

EDB-ID: 31399

CWE: 134