APP: McAfee Framework ePolicy Orchestrator Format String

This signature detects attempts to exploit a known vulnerability in McAfee ePolicy Orchestrator. Attackers can send unauthenticated UDP packets containing format strings, which allows them to execute arbitrary code on the victim's machine.

Extended Description

McAfee Framework is prone to a remote format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of the framework or of an application that uses the framework. Failed attacks will likely cause denial-of-service conditions. McAfee Common Management Agent 3.6.0.574 (Patch3) or earlier, McAfee Agent (MA) 4.0, Framework 2.6.0.569 and ePolicy Orchestrator 4.0 are vulnerable to this issue; other versions may also be affected. NOTE: This issue occurs only when the default debug level (7) is raised to 8.

Affected Products

Mcafee common_management_agent_(cma)

Short Name
APP:MCAFEE-ORCHESTRATOR-FS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2008-1357 Format Framework McAfee Orchestrator String bid:28228 ePolicy
Release Date
03/25/2008
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3729
Port
UDP/8082
False Positive
Unknown
Vendors

McAfee

CVSS Score

5.4
