Vulnerabilities > CVE-2004-0038 - Remote Code Execution vulnerability in Mcafee Epolicy Orchestrator 2.5/2.5.1/3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mcafee

NVD

Published: 2004-06-14

Updated: 2017-07-11

Summary

McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Epolicy Orchestrator 2.5 Mcafee Epolicy Orchestrator 2.5.1 Mcafee Epolicy Orchestrator 3.0	5

References

http://download.nai.com/products/patches/ePO/v2.x/Patch14.txt
http://www.osvdb.org/5626
http://www.securityfocus.com/bid/10200
http://xforce.iss.net/xforce/alerts/id/173
https://exchange.xforce.ibmcloud.com/vulnerabilities/14166