CVE-2015-3987

Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/74685	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032244	Third Party Advisory VDB Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10115	Vendor Advisory
http://www.securityfocus.com/bid/74685	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032244	Third Party Advisory VDB Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10115	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:epo_deep_command:2.1:::::::*
	cpe:2.3:a:mcafee:epo_deep_command:2.2:::::::*

History

No history.

Information

Published : 2015-05-14 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-3987

Mitre link : CVE-2015-3987

CVE.ORG link : CVE-2015-3987

JSON object : View

Products Affected

mcafee

epo_deep_command

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2015-3987", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-14T14:59:14.507", "references": [{"url": "http://www.securityfocus.com/bid/74685", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1032244", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10115", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/74685", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032244", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10115", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ruta no confiable en la b\u00fasqueda no literal de Windows en el (1) Client Management y (2) Gateway en McAfee ePO Deep Command 2.1 y 2.2 anterior a HF 1058831 permite a usuarios locales ganar privilegios mediante vectores desconocidos."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:epo_deep_command:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F100FC-C6E9-4972-9892-73D44BEE0792"}, {"criteria": "cpe:2.3:a:mcafee:epo_deep_command:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD1FD9A2-7761-4170-9C53-388CC07E03BB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}