McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability

info
discussion
exploit
solution
references

McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability

McAfee ePolicy Orchestrator has been reported prone to a remote code execution vulnerability. The issue is reported to be triggered when certain HTTP POST requests are handled by the McAfee ePolicy Orchestrator server.

An attacker may exploit this issue to execute code in the context of the affected software, and distribute this code across ePolicy Orchestrator infrastructure.