CVE-2008-1357

McAfee Common Management Agent <= 3.6.0.574 - Remote Code Execution via Format String in AgentWakeup Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1357. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a remote format-string vulnerability in McAfee Framework, which can lead to arbitrary code execution or denial-of-service conditions. The vulnerability is exploitable only when the debug level is raised to 8.

Description

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/31399

View Code ZIP pw:eip

The provided text describes a remote format-string vulnerability in McAfee Framework, which can lead to arbitrary code execution or denial-of-service conditions. The vulnerability is exploitable only when the debug level is raised to 8.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: McAfee Common Management Agent 3.6.0.574 (Patch3) or earlier, McAfee Agent (MA) 4.0, Framework 2.6.0.569, ePolicy Orchestrator 4.0

No auth needed

Prerequisites: Debug level set to 8

MITRE ATT&CK