McAfee ePO Extension for McAfee Agent Multiple Blind SQL Injection (SB10043)
High Nessus Plugin ID 67120
SynopsisA security management application installed on the remote Windows host has a SQL injection vulnerability.
DescriptionAccording to its self-reported version number, the version of ePO Extension for McAfee Agent installed on the remote host has multiple blind SQL injection vulnerabilities. A remote, authenticated user could exploit this to execute arbitrary SQL queries, resulting in arbitrary code execution with SYSTEM privileges.
Versions 4.5 and 4.6 of the extension are affected.
SolutionUpgrade to ePO Extension for McAfee Agent version 4.8 or later, or apply the hotfix for version 4.6 referenced in McAfee Security Bulletin SB10043.