Vulnerability Details : CVE-2015-3987
Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.
Products affected by CVE-2015-3987
- cpe:2.3:a:mcafee:epo_deep_command:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epo_deep_command:2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3987
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3987
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-3987
-
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3987
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10115
Vendor Advisory
-
http://www.securityfocus.com/bid/74685
McAfee ePO Deep Command CVE-2015-3987 Multiple Local Privilege Escalation VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1032244
McAfee ePolicy Orchestrator Deep Command Unquoted Executable Path Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to