McAfee ePolicy Orchestrator HTTP GET Request Format String Vulnerability

info
discussion
exploit
solution
references

McAfee ePolicy Orchestrator HTTP GET Request Format String Vulnerability

A format string vulnerability has been discovered in the McAfee ePolicy Orchestrator Agent. The issue occurs when processing HTTP GET requests that contain format specifiers. The successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands with SYSTEM privileges.