Executive Summary
Informations | |||
---|---|---|---|
Name | TA13-193A | First vendor Publication | 2013-07-12 |
Vendor | US-CERT | Last vendor Modification | 2013-07-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.9 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 5.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Overview A new exploit tool targets two vulnerabilities in McAfee’s ePolicy Orchestrator (ePO). DescriptionA new exploit tool specifically built to attack McAfee’s ePolicy Orchestrator (ePO) targets two vulnerabilities found in ePO versions 4.6.5 and earlier. In order to exploit these vulnerabilities the attacker must be on the local network. ImpactThe tool allows an attacker on the local network to add rogue systems to an enterprise ePO server, steal domain credentials if they are cached within ePO, upload files to the ePO server, and execute commands on the ePO server as well as any systems managed by ePO. SolutionIdentify Vulnerable ePO Versions To determine whether your instance of ePO is vulnerable, please refer to KB52634 and KB59938:
ePolicy Orchestrator 4.5.6 (Build: 137) - Microsoft Internet Explorer
ePolicy Orchestrator 4.6.5 (Build: 168) - Microsoft Internet Explorer Update ePO This tool poses a significant risk to enterprises that use ePO and the following mitigation steps are strongly advised.
Restrict Access to ePO Additionally, US-CERT recommends that administrators use dedicated remote administration consoles and set strict access controls that only allow specified systems to connect to the ePO server, reducing the potential attack surface. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA13-193A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
50 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2014-04-28 | McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-05-02 | IAVM : 2013-A-0098 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity : Category I - VMSKEY : V0037763 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | McAfee ePolicy Orchestrator XSS attempt RuleID : 28827 - Revision : 3 - Type : SERVER-OTHER |
2014-01-10 | McAfee ePolicy Orchestrator XSS attempt RuleID : 28826 - Revision : 2 - Type : SERVER-OTHER |
2014-01-10 | McAfee ePolicy Orchestrator XSS attempt RuleID : 28825 - Revision : 2 - Type : SERVER-OTHER |
2014-01-10 | McAfee ePolicy Orchestrator XSS attempt RuleID : 28824 - Revision : 3 - Type : SERVER-OTHER |
2014-01-10 | McAfee ePolicy Orchestrator XSS attempt RuleID : 28823 - Revision : 2 - Type : SERVER-OTHER |
2014-01-10 | McAfee ePolicy Orchestrator XSS attempt RuleID : 28822 - Revision : 2 - Type : SERVER-OTHER |
2014-01-10 | McAfee ePolicy Orchestrator XSS attempt RuleID : 28821 - Revision : 3 - Type : SERVER-OTHER |
2014-01-10 | McAfee ePolicy Orchestrator timing based injection attempt RuleID : 27724 - Revision : 2 - Type : SQL |
2014-01-10 | McAfee ePolicy Orchestrator timing based injection attempt RuleID : 27723 - Revision : 2 - Type : SQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-05-04 | Name : A security management application on the remote host has multiple vulnerabili... File : mcafee_epo_sb10042.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-07-16 17:18:36 |
|