Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4587


Vulnerability Score 3.5 3.5
CVE Id CVE-2012-4587
Last Modified 04 Apr 2013 11:13:33
Published 22 Aug 2012 06:42:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.

Vulnerable Systems


  • Mcafee Enterprise Mobility Manager 4.7

  • Mcafee Enterprise Mobility Manager Agent 10.0



XF - mcafee-emm-dnssrv-spoofing(78130)

Last Updated: 27 May 2016 10:57:36