CVE-2015-7310

Published Sep 22, 2015

Last updated 8 years ago

CVSS info 6.5

Overview

Description: McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:*:mr17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84AC48F4-1DC5-4CBF-A73F-75B464F03823",
            "versionEndIncluding": "9.3.2"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:*:mr7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C165E873-A035-43D4-BEBD-31370F5CE7AB",
            "versionEndIncluding": "9.4.2"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:*:mr6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "518C559B-5022-438A-B318-63E3D28F8499",
            "versionEndIncluding": "9.5.0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager\\/log_manager:*:mr17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EBDF7FE-2EAF-4E0E-882E-CC1D6D239747",
            "versionEndIncluding": "9.3.2"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager\\/log_manager:*:mr7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CE2B497-73FC-413E-9A1E-F38A4AE92634",
            "versionEndIncluding": "9.4.2"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager\\/log_manager:*:mr6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4BCAA0E-E4E0-44B0-B2EA-72EC15D29C70",
            "versionEndIncluding": "9.5.0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager\\/receiver:*:mr17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD6194CE-44D3-461F-A1C9-5E51E46052F3",
            "versionEndIncluding": "9.3.2"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager\\/receiver:*:mr7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CC14107-BF37-4A08-AA51-46BF0B0EDA7C",
            "versionEndIncluding": "9.4.2"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager\\/receiver:*:mr6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABD392BE-769D-4AA2-A888-5791DA3BFBB3",
            "versionEndIncluding": "9.5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References