CVE-2015-3987 英特尔McAfee ePolicy Orchestrator深命令搜索路径本地权限提升漏洞引号 (SB10115)

McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. McAfee ePO Deep Command version 2.1 and 2.2 are vulnerable to an unquoted binary path exploit.

Affected Versions:
McAfee ePO Deep Command Client Management version 2.1 prior to Hotfix 1058831
McAfee ePO Deep Command Gateway version 2.2 prior to Hotfix 1058831

A local attacker could exploit this vulnerability to escalate privileges on the system.

Customers are advised to review SB10115 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SB10115