CVE-2015-8988

HIGH

McAfee ePO Deep Command 2.1-2.2 - Authenticated Command Injection via Unquoted Executable Path

Title source: llm
STIX 2.1

Description

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10115

Scores

CVSS v3 8.8
EPSS 0.0058
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (3)
Intel/ePO Deep Command (eDC) 2.2 and 2.1
mcafee/epo_deep_command 2.1
mcafee/epo_deep_command 2.2
Published Mar 14, 2017
Tracked Since Feb 18, 2026