Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4587

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-4587
Last Modified 04 Apr 2013 11:13:33
Published 22 Aug 2012 06:42:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-4587

Summary

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.

Vulnerable Systems

Application

  • Mcafee Enterprise Mobility Manager 4.7

  • Mcafee Enterprise Mobility Manager Agent 10.0


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10021

XF - mcafee-emm-dnssrv-spoofing(78130)


Last Updated: 27 May 2016 10:57:36