CVE-2015-8988

high

Published 2017-03-14 · Modified 2026-05-13

CVSS v3

8.8

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.5

VIR risk

8.8

Description

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secure@intel.com — https://kc.mcafee.com/corporate/index?page=content&id=SB10115

Application impact

Vendor	Product	Versions	Fixed
mcafee	epo_deep_command	`2.1`
mcafee	epo_deep_command	`2.2`

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10115
https://kc.mcafee.com/corporate/index?page=content&id=SB10115

CWEs

CWE-77

Verify integrity in audit chain (admin only). AS-IS.