What is the severity of CVE-2017-3936?

CVE-2017-3936 is classified as a moderate severity vulnerability due to the potential for unauthorized command execution.

How do I fix CVE-2017-3936?

To mitigate CVE-2017-3936, upgrade to the latest version of McAfee ePolicy Orchestrator that addresses this vulnerability.

What impact does CVE-2017-3936 have on affected systems?

CVE-2017-3936 allows attackers to execute arbitrary operating system commands on affected McAfee ePolicy Orchestrator systems.

Which versions of McAfee ePolicy Orchestrator are affected by CVE-2017-3936?

CVE-2017-3936 affects McAfee ePolicy Orchestrator versions 5.1.0 through 5.9.0.

Is there an exploit available for CVE-2017-3936?

Yes, CVE-2017-3936 can be exploited by crafting malicious input that is not properly sanitized before being processed.

Vulnerability/
CVE-2017-3936

critical

9.8

CWE

78 77

13/6/2018

9/10/2019

CVE-2017-3936: OS Command Injection

First published: Wed Jun 13 2018(Updated: )

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.

Credit: psirt@mcafee.com

Affected Software	Affected Version	How to fix
Trellix ePolicy Orchestrator	=5.1.0
Trellix ePolicy Orchestrator	=5.1.1
Trellix ePolicy Orchestrator	=5.1.2
Trellix ePolicy Orchestrator	=5.1.3
Trellix ePolicy Orchestrator	=5.3.1
Trellix ePolicy Orchestrator	=5.3.2
Trellix ePolicy Orchestrator	=5.9.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3936?
CVE-2017-3936 is classified as a moderate severity vulnerability due to the potential for unauthorized command execution.
How do I fix CVE-2017-3936?
To mitigate CVE-2017-3936, upgrade to the latest version of McAfee ePolicy Orchestrator that addresses this vulnerability.
What impact does CVE-2017-3936 have on affected systems?
CVE-2017-3936 allows attackers to execute arbitrary operating system commands on affected McAfee ePolicy Orchestrator systems.
Which versions of McAfee ePolicy Orchestrator are affected by CVE-2017-3936?
CVE-2017-3936 affects McAfee ePolicy Orchestrator versions 5.1.0 through 5.9.0.
Is there an exploit available for CVE-2017-3936?
Yes, CVE-2017-3936 can be exploited by crafting malicious input that is not properly sanitized before being processed.

agent/references
agent/weakness
agent/type
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/author
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/mcafee
canonical/mcafee epolicy orchestrator
version/mcafee epolicy orchestrator/5.1.0
version/mcafee epolicy orchestrator/5.1.1
version/mcafee epolicy orchestrator/5.1.2
version/mcafee epolicy orchestrator/5.1.3
version/mcafee epolicy orchestrator/5.3.1
version/mcafee epolicy orchestrator/5.3.2
version/mcafee epolicy orchestrator/5.9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.