McAfee ePolicy Orchestrator 4.x < 4.6.9 / 5.x < 5.1.2 Multiple Vulnerabilities (SB10095)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

A security management application installed on the remote host is
affected by multiple vulnerabilities.

Description :

The version of McAfee ePolicy Orchestrator (ePO) installed on the
remote Windows host is 4.x prior to 4.6.9 or 5.x prior to 5.1.2. It
is, therefore, affected by multiple vulnerabilities :

- An XXE (XML External Entity) injection vulnerability
exists in the Server Task Log due to an incorrectly
configured XML parser accepting XML external entities
from an untrusted source. A remote, authenticated
attacker, by sending specially crafted XML data via the
'conditionXML' parameter, can gain access to arbitrary
files. (CVE-2015-0921)

- An information disclosure vulnerability exists due to
the use of a shared secret key to encrypt password
information. A remote attacker with knowledge of the key
can decrypt the administrator password. (CVE-2015-0922)

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10095
http://seclists.org/fulldisclosure/2015/Jan/37

Solution :

Upgrade to McAfee ePO version 4.6.9 / 5.1.2 or later, or apply the
vendor-supplied workaround.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 81106 ()

Bugtraq ID: 71881
72298

CVE ID: CVE-2015-0921
CVE-2015-0922

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now