CVE-2013-0141
McAfee ePolicy Orchestrator < 4.5.7/4.6.x < 4.6.6 - Path Traversal & Arbitrary File Write
Title source: llmDescription
Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/209131
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10042
Various Sources third-party-advisory
x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-193A
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/289
Scores
EPSS
0.0042
EPSS Percentile
62.2%
Details
CWE
CWE-22
Status
published
Products (19)
mcafee/epolicy_orchestrator
2.0
mcafee/epolicy_orchestrator
2.5 (2 CPE variants)
mcafee/epolicy_orchestrator
2.5.1
mcafee/epolicy_orchestrator
3.0 (2 CPE variants)
mcafee/epolicy_orchestrator
3.5.0
mcafee/epolicy_orchestrator
3.6.0
mcafee/epolicy_orchestrator
3.6.1
mcafee/epolicy_orchestrator
4.0
mcafee/epolicy_orchestrator
4.5.0
mcafee/epolicy_orchestrator
4.5.3
... and 9 more
Published
May 01, 2013
Tracked Since
Feb 18, 2026