McAfee ePolicy Orchestrator Agent < Log Viewer DoS

High Nessus Plugin ID 97213


A security management application agent running on the remote host is affected by a denial of service vulnerability.


According to its self-reported version, the McAfee ePolicy Orchestrator (ePO) Agent running on the remote host is 5.0.x prior to It is, therefore, affected by a flaw in its remote log viewer component due to improper validation of input to an unspecified HTTP GET parameter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL request, to cause a denial of service condition.

Note that exploitation of this vulnerability requires both that the Agent's log viewing functionality is enabled and that remote log access is not restricted to ePO administrators only. However, these are not set by default.


Upgrade McAfee ePO Agent to version or later.

Plugin Details

Severity: High

ID: 97213

File Name: mcafee_epo_agent_sb10183.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Misc.

Published: 2017/02/16

Modified: 2017/02/21

Dependencies: 97212

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:mcafee:epolicy_orchestrator_agent

Required KB Items: installed_sw/McAfee ePO Agent

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/01/17

Vulnerability Publication Date: 2017/01/17

Reference Information

CVE: CVE-2017-3896

BID: 95903

OSVDB: 151236


IAVA: 2017-A-0035