// For flags

CVE-2008-1357

McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String

Severity Score

8.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

Vulnerabilidad en el formato de cadena en la función logDetail de applib.dlld en McAfee Common Management Agent (CMA) 3.6.0.574 (Parche 3) y anteriores, como se utiliza en ePolicy Orchestrator 4.0.0 build 1015, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección a través de formatos de especificadores de formatos de cadena en un fichero de envío en una solicitud AgentWakeup en el puerto 8082. NOTA: esta vulnerabilidad sólo sucede cuando se está en un nivel 8 de depuración.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-03-12 First Exploit
  • 2008-03-17 CVE Reserved
  • 2008-03-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-134: Use of Externally-Controlled Format String
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mcafee
Search vendor "Mcafee"
 Agent
Search vendor "Mcafee" for product "Agent"
 4.0
Search vendor "Mcafee" for product "Agent" and version "4.0"
-
Affected
Mcafee
Search vendor "Mcafee"
 Cma
Search vendor "Mcafee" for product "Cma"
 3.0.6.453
Search vendor "Mcafee" for product "Cma" and version "3.0.6.453"
-
Affected
Mcafee
Search vendor "Mcafee"
 Cma
Search vendor "Mcafee" for product "Cma"
 3.5.5.438
Search vendor "Mcafee" for product "Cma" and version "3.5.5.438"
-
Affected
Mcafee
Search vendor "Mcafee"
 Cma
Search vendor "Mcafee" for product "Cma"
 3.6.438
Search vendor "Mcafee" for product "Cma" and version "3.6.438"
-
Affected
Mcafee
Search vendor "Mcafee"
 Cma
Search vendor "Mcafee" for product "Cma"
 3.6.453
Search vendor "Mcafee" for product "Cma" and version "3.6.453"
-
Affected
Mcafee
Search vendor "Mcafee"
 Cma
Search vendor "Mcafee" for product "Cma"
 3.6.546
Search vendor "Mcafee" for product "Cma" and version "3.6.546"
-
Affected
Mcafee
Search vendor "Mcafee"
 Cma
Search vendor "Mcafee" for product "Cma"
 3.6.574
Search vendor "Mcafee" for product "Cma" and version "3.6.574"
-
Affected
Mcafee
Search vendor "Mcafee"
 Epolicy Orchestrator
Search vendor "Mcafee" for product "Epolicy Orchestrator"
 4.0
Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.0"
-
Affected
Mcafee
Search vendor "Mcafee"
 Mcafee Framework
Search vendor "Mcafee" for product "Mcafee Framework"
 3.6.569
Search vendor "Mcafee" for product "Mcafee Framework" and version "3.6.569"
-
Affected