McAfee ePolicy Orchestrator Java Object Deserialization RCE

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A security management application installed on the remote Windows host
is affected by a remote code execution vulnerability.

Description :

The McAfee ePolicy Orchestrator (ePO) installed on the remote Windows
host is affected by a remote code execution vulnerability due to
unsafe deserialize calls of unauthenticated Java objects to the Apache
Commons Collections (ACC) library. An unauthenticated, remote attacker
can exploit this to execute arbitrary code on the target host.

See also :

http://www.nessus.org/u?857cd252
http://www.nessus.org/u?0f7a4795
http://www.nessus.org/u?e0204f30

Solution :

Upgrade to McAfee ePO version 5.1.3 / 5.3.1 and then apply hotfix
EPO5xHF1106041.zip. A patch for ePO version 5.1.4 is scheduled to be
released in Q2 of 2016.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 88624 ()

Bugtraq ID: 85696

CVE ID: CVE-2015-8765

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now