CVE-2008-1357

Published Mar 17, 2008

Last updated 6 years ago

Overview

Description: Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.4
Impact score: 6.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-134

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:agent:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43953695-9C35-4CC3-9591-D03866731F47"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:cma:3.0.6.453:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B7D230B-845A-4E83-B86C-000CDBAC937F"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:cma:3.5.5.438:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A0590CC-B03B-472B-A5FF-F6A316DBE2DC"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:cma:3.6.438:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BD368FB-2683-4321-9491-CB757511AD49"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:cma:3.6.453:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F64F9F3F-F835-4769-9A5B-A05ED2AE7850"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:cma:3.6.546:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C0AE0A0-E56A-4B93-B45B-037C09EA69C3"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:cma:3.6.574:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFF00F5B-4272-49CC-A9CE-4CCD20F5DB3E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "485DB16F-730A-44B2-A255-2583AB27DB9C"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:mcafee_framework:3.6.569:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6330056D-1DAF-4821-90E5-1E9E52594A25"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References