CVE-2009-5115 - OpenCVE

McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mcafee	Common Management Agent

Configuration 1 [-]

OR	cpe:2.3:a:mcafee:common_management_agent:3.5.5.438:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.5.5.568:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.5.5.577:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.5.5.580:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.5.5.588:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.6.0.438:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.6.0.453:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.6.0.546:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.6.0.569:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.6.0.574:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.6.0.595:::::::*
	cpe:2.3:a:mcafee:common_management_agent:3.6.0.603:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/78446
https://kc.mcafee.com/corporate/index?page=content&id=SB10002	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-22T10:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-08-22T00:00:00

Link: CVE-2009-5115

JSON object: View

NVD Information

Status : Modified

Published: 2012-08-22T10:42:03.523

Modified: 2017-08-29T01:29:03.033

Link: CVE-2009-5115

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-17T00:00:00", "descriptions": [{"lang": "en", "value": "McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10002"}, {"name": "mcafee-cma-file-overwrite(78446)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78446"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10002", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10002"}, {"name": "mcafee-cma-file-overwrite(78446)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78446"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5115", "datePublished": "2012-08-22T10:00:00", "dateReserved": "2012-08-22T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.5.5.438:*:*:*:*:*:*:*", "matchCriteriaId": "E2A376DB-CC55-434C-AD61-8DF2B5DE7647", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.5.5.568:*:*:*:*:*:*:*", "matchCriteriaId": "FE95EBCC-6268-4605-98D2-92EFFCA38DAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.5.5.577:*:*:*:*:*:*:*", "matchCriteriaId": "F0885BB5-7030-498E-B48D-CC14F8741AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.5.5.580:*:*:*:*:*:*:*", "matchCriteriaId": "341EA9D7-C82F-41AC-88BA-69273226E17B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.5.5.588:*:*:*:*:*:*:*", "matchCriteriaId": "BDA5C527-5770-4B91-A2A5-0C96CE4C91B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.6.0.438:*:*:*:*:*:*:*", "matchCriteriaId": "C5A9ECA8-BE32-4A05-9E65-3C8F8A34227D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.6.0.453:*:*:*:*:*:*:*", "matchCriteriaId": "857A25D8-06F5-4B3A-A6FA-71B3472961A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.6.0.546:*:*:*:*:*:*:*", "matchCriteriaId": "33587225-BE54-45A1-97FD-2274673F9AE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.6.0.569:*:*:*:*:*:*:*", "matchCriteriaId": "E3D30ADB-7A7C-413D-8D87-5AAF7399C43B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.6.0.574:*:*:*:*:*:*:*", "matchCriteriaId": "61BB94AF-676E-465B-AEFB-019EEFA3EACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.6.0.595:*:*:*:*:*:*:*", "matchCriteriaId": "1B57AB6D-0C75-4191-B375-4EA832352BC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:common_management_agent:3.6.0.603:*:*:*:*:*:*:*", "matchCriteriaId": "3CFAE871-654E-46AE-BD15-04790F97E0B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object."}, {"lang": "es", "value": "McAfee Common Management Agent (CMA) v3.5.5 hasta v3.5.5.588 y v3.6.0 hasta v3.6.0.608, y McAfee Agent v4.0 anteriores a Patch 3, permite a usuarios remotos autentificados a sobreescribir ficheros accediendo al objeto COM que es un control ActiveX (report-writing )."}], "id": "CVE-2009-5115", "lastModified": "2017-08-29T01:29:03.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-22T10:42:03.523", "references": [{"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78446"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10002"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}