Vulnerabilities > CVE-2015-8765 - Remote Code Execution vulnerability in McAfee ePolicy Orchestrator Server

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mcafee
nessus

Summary

Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. <a href="https://cwe.mitre.org/data/definitions/502.html" rel="nofollow">CWE-502: Deserialization of Untrusted Data</a>

Nessus

NASL familyWindows
NASL idMCAFEE_EPO_SB10144.NASL
descriptionThe McAfee ePolicy Orchestrator (ePO) installed on the remote Windows host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host.
last seen2020-06-01
modified2020-06-02
plugin id88624
published2016-02-08
reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/88624
titleMcAfee ePolicy Orchestrator Java Object Deserialization RCE