Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2015-0922
Last Modified 11 Feb 2015 02:14:22
Published 09 Jan 2015 01:59:11
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0922

Summary

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

Vulnerable Systems

Application

  • McAfee ePolicy Orchestrator 4.6.8

  • McAfee ePolicy Orchestrator 5.0.0

  • McAfee ePolicy Orchestrator 5.0.1

  • McAfee ePolicy Orchestrator 5.1.0

  • McAfee ePolicy Orchestrator 5.1.1


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10095

FULLDISC - 20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

MISC - http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html

FULLDISC - 20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

XF - macafee-cve20150922-info-disc(99949)

BID - 72298


Last Updated: 27 May 2016 11:07:42