CVE-2017-3936 Information

Description

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges because user input data is not sanitized before it is exported into CSV format output.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/103155
https://kc.mcafee.com/corporate/index?page=content&id=SB10227

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

HIGH
