Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
McAfee Security ePolicy Orchestrator ComputerList远程格式串处理漏洞
Vulnerability Description
McAfee Security ePolicy Orchestrator是一款企业级反病毒管理工具。ePolicy Orchestrator是策略驱动配置,并包含报告工具。 McAfee ePolicy Orchestrator对部分POST请求处理不正确,远程攻击者可以利用这个漏洞进行格式字符串攻击,可能以ePO进程权限在系统上执行任意指令。 如果发送包含多个格式字符串字符的ComputerList参数POST请求到服务器,可导致当常识记录名字解析失败日志时服务崩溃。精心构建提交数据可能以ePO进程权限
CVSS Information
N/A
Vulnerability Type
N/A