FireEye Operating System Multiple Vulnerabilities

Medium Nessus Plugin ID 89724


The remote host is missing a vendor-supplied security patch.


The remote host is running a version of FireEye Operating System (FEOS) that is missing a vendor-supplied security patch. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the Virtual Execution Engine (VXE) during the handling of file names that were previously flagged for the whitelist. A remote attacker can exploit this, via subsequent malicious files with the same file name, to bypass the analysis engine. (VulnDB 134606)

- A flaw exists when handling a specially crafted URL that allows an authenticated, remote attacker to render plaintext in the web user interface post-authentication, resulting in the disclosure of sensitive information. (VulnDB 134607)

NOTE: FX version 7.5.0 is affected by the Analysis Engine Evasion vulnerability, but NOT the URL Encoded Bypass vulnerability.


Apply the relevant patch referenced in the vendor advisory.

Plugin Details

Severity: Medium

ID: 89724

File Name: fireeye_os_2015Q4_url_injection.nasl

Version: 1.4

Type: local

Family: Firewalls

Published: 2016/03/07

Modified: 2018/03/09

Dependencies: 77056

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:fireeye:feos

Required KB Items: Host/FireEye/series, Host/FireEye/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/12/31

Vulnerability Publication Date: 2015/12/31

Reference Information

OSVDB: 134606, 134607