CVE-2015-2859

Description

Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References

http://www.kb.cert.org/vuls/id/264092

http://www.securityfocus.com/bid/75020

http://www.securitytracker.com/id/1032571

https://kc.mcafee.com/corporate/index?page=content&id=KB84628

https://kc.mcafee.com/corporate/index?page=content&id=SB10120

Details

Source: MITRE

Published: 2015-06-23

Updated: 2016-12-03

Type: CWE-310

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM