Vulnerability Description
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Epolicy Orchestrator | 2.0 |
References
- http://www.atstake.com/research/advisories/2003/a073103-1.txtPatchVendor Advisory
- http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.aspPatchVendor Advisory
- http://www.atstake.com/research/advisories/2003/a073103-1.txtPatchVendor Advisory
- http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.aspPatchVendor Advisory
FAQ
What is CVE-2003-0148?
CVE-2003-0148 is a vulnerability with a CVSS score of 7.2 (HIGH). The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username an...
How severe is CVE-2003-0148?
CVE-2003-0148 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0148?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Epolicy Orchestrator.