Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)

[greentea-lemon () blueyonder co uk]

** McAfee Security Bulletin - Common Management Agent 3.6.0 format string
vulnerability with debug level set to 8 **

https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=615103&sliceId=SAL_Public

This knowledgebase article shows the following versions as vulnerable:

CMA 3.6.0.574 (Patch3) or earlier
McAfee Agent (MA) 4.0

You need to change the debug level of the CMA product before you are at
risk (as defined in the knowledgebase article).