CVE-2017-3980 Intel McAfee ePolicy Orchestrator Directory Traversal Vulnerability (SB10196)

McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. McAfee ePolicy Orchestrator is prone to a directory traversal vulnerability which allows remote authenticated users toarbitrary commands.

Affected Versions:
McAfee ePO versions 5.1.3 and earlier
McAfee ePO versions 5.3.1 and earlier
McAfee ePO versions 5.3.2 and earlier
McAfee ePO versions 5.9.0 and earlier

QID Detection Logic (Authenticated:
The flags if it finds vulnerable version of ePolicy Orchestrator, which is checked by looking at the file version of the file "ePoSign.exe". The location of the file is found with the help of the registry key "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator" value "InstallFolder". The QID then check if the corresponding hotfix is applied or not for supported ePolicy Orchestrator build.

Successful exploitation of the vulnerability may allow remote authenticated users to execute arbitrary commands.

Customers are advised to review SB10196 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SB10196

上一篇：CVE-2016-6515