FireEye Operating System Multiple Vulnerabilities
Medium Nessus Plugin ID 89724
SynopsisThe remote host is missing a vendor-supplied security patch.
DescriptionThe remote host is running a version of FireEye Operating System (FEOS) that is missing a vendor-supplied security patch. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the Virtual Execution Engine (VXE) during the handling of file names that were previously flagged for the whitelist. A remote attacker can exploit this, via subsequent malicious files with the same file name, to bypass the analysis engine. (VulnDB 134606)
- A flaw exists when handling a specially crafted URL that allows an authenticated, remote attacker to render plaintext in the web user interface post-authentication, resulting in the disclosure of sensitive information.
NOTE: FX version 7.5.0 is affected by the Analysis Engine Evasion vulnerability, but NOT the URL Encoded Bypass vulnerability.
SolutionApply the relevant patch referenced in the vendor advisory.