McAfee ePolicy Orchestrator SSL/TLS Certificate Validation Security Bypass Vulnerability (SB10120)

Nessus Plugin ID 85160 (severity: Medium)

Synopsis

A security management application running on the remote host is affected by a security bypass vulnerability.

Description

According to its self-reported version, the McAfee ePolicy Orchestrator (ePO) running on the remote host is affected by a security bypass vulnerability due to a failure to properly validate server and Certificate Authority names in X.509 certificates from SSL servers. A man-in-the-middle attacker, by using a crafted certificate, can exploit this flaw to spoof servers, thus gaining access to transmitted information.

Solution

Upgrade to McAfee ePO version 4.6.9 / 5.1.2 / 5.3.0 or later, and apply the vendor-supplied workaround.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=SB10120

https://kc.mcafee.com/corporate/index?page=content&id=KB84628

Plugin Details

Severity: Medium

ID: 85160

File Name: mcafee_epo_sb10120.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 7/31/2015

Updated: 1/19/2021

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2015-2859

Vulnerability Information

CPE: cpe:/a:mcafee:epolicy_orchestrator

Required KB Items: installed_sw/epo_app_server, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 6/4/2015

Vulnerability Publication Date: 6/4/2015

Reference Information

CVE: CVE-2015-2859

BID: 75020

CERT: 264092

MCAFEE-SB: SB10120