PT-2013-2127 · Mcafee · Mcafee Epolicy Orchestrator

Jerome Nokin

Published

2013-05-01

Updated

2017-11-16

CVE-2013-0141

CVSS v2.0

4.3

Medium

Vector

AV:A/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions McAfee ePolicy Orchestrator (ePO) versions prior to 4.5.7 McAfee ePolicy Orchestrator (ePO) versions 4.6.x prior to 4.6.6

Description A directory traversal issue allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel. This can be demonstrated by writing to the Software/ directory.

Recommendations For versions prior to 4.5.7, update to version 4.5.7 or later. For versions 4.6.x prior to 4.6.6, update to version 4.6.6 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2013-0141

Affected Products

Mcafee Epolicy Orchestrator

PT-2013-2127 · Mcafee · Mcafee Epolicy Orchestrator

CVE-2013-0141

Weakness Enumeration

Related Identifiers

Affected Products

References · 6