CVE-2008-1357

medium

Trellix

CVSS v3 Base Score

5.4

AV:N/AC:H/Au:N/C:N/I:N/A:C

EPSS Score

27.9%

Exploitation probability in 30 days

Top 4% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

None

Integrity

None

Availability

Published: March 17, 2008 (6632 days ago)

Last Modified: April 23, 2026

Vendor: Trellix

Source: NVD

Description

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

CWE

CWE-134

Affected Products

mcafee agentmcafee cmamcafee epolicy orchestratormcafee mcafee framework

References

🔗 aluigi.altervista.org 🔗 secunia.com 🔗 securityreason.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com

CVE-2008-1357

Vulnerability Report

Description

CWE

Affected Products

References