CVE-2017-3936

MEDIUM

McAfee ePolicy Orchestrator <5.9.0-5.1.0 - Command Injection

Title source: llm

Description

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103155

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10227

Scores

CVSS v3 6.2

EPSS 0.0548

EPSS Percentile 90.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-78

Status published

Products (7)

mcafee/epolicy_orchestrator 5.1.0

mcafee/epolicy_orchestrator 5.1.1

mcafee/epolicy_orchestrator 5.1.2

mcafee/epolicy_orchestrator 5.1.3

mcafee/epolicy_orchestrator 5.3.1

mcafee/epolicy_orchestrator 5.3.2

mcafee/epolicy_orchestrator 5.9.0

Published Jun 13, 2018

Tracked Since Feb 18, 2026