CVE-2017-3902 Mcafee CVE debrief

Who should care

Administrators and security teams responsible for Intel Security ePO deployments, especially environments running 5.1.0, 5.1.1, 5.1.2, or 5.1.3. Any organization allowing authenticated access to the ePO web interface should treat this as a patching and web-application-input-validation review item.

Technical summary

NVD classifies the weakness as CWE-79 (Cross-Site Scripting) and lists the affected CPEs as McAfee ePolicy Orchestrator 5.1.0 through 5.1.3. The CVSS vector is CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating an authenticated, user-interaction-dependent web UI attack that can impact confidentiality and integrity at low levels but not availability.

Defensive priority

Medium. The flaw requires authentication and user interaction, but it is network-reachable and affects a management web UI, so it should be addressed promptly in environments that expose ePO to multiple admins or broader internal access.

Recommended defensive actions

• Apply the vendor remediation referenced in McAfee Security Bulletin SB10184.
• Verify whether any instance of Intel Security ePO 5.1.0, 5.1.1, 5.1.2, or 5.1.3 is in use.
• Restrict access to the ePO web UI to trusted administrative users and networks only.
• Review and harden input validation and output encoding controls in any custom integrations or extensions that interact with the ePO UI.
• Monitor administrative activity and look for unexpected script injection behavior in the web interface after remediation.

Evidence notes

The source corpus includes the NVD record for CVE-2017-3902, which lists the vulnerability class as CWE-79 and the affected versions as ePO 5.1.0-5.1.3. Vendor-linked references in the NVD record point to McAfee Security Bulletin SB10184, plus SecurityFocus BID 96465 and SecurityTracker 1037628. This debrief uses only those supplied official and source-linked references.

Official resources