7.9 - VU#209131

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilities

Informations
Name	VU#209131	First vendor Publication	2013-04-29
Vendor	VU-CERT	Last vendor Modification	2013-04-29
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.9	Attack Range	Adjacent network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	5.5	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#209131

McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilities

Original Release date: 29 Apr 2013 | Last revised: 29 Apr 2013

Overview

McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticated sql injection and directory path traversal vulnerability which could allow an attacker to inject malicious code into the system.

Description

McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticated sql injection and directory path traversal vulnerability:

1. Server-side pre-Authenticated SQL Injection within the Agent-Handler component (Agent-Server communication channel).
The attack is performed by registering a rogue Agent to the ePolicy Orchestrator server, and sending a crafted HTTP request to the ePolicy Orchestrator server. Successful attacks allow remote attackers to retrieve sensitive information from the ePo database (such as administrative domain credentials), to create additional web console administrator accounts, and to perform remote code execution with SYSTEM privilege. CVE-2013-0140

Impact

An attacker with network access to the McAfee ePolicy Orchestrator Agent-Handler (port tcp/443 by default) could upload arbitrary files under the ePolicy Orchestrator installation folder, gain read and write access to ePolicy Orchestrator database, or run arbitrary code on the ePolicy Orchestrator system.

Solution

Update

Mcafee Security Advisory SB10042 states:

All of these issues are resolved in McAfee ePO version 4.6.6 and 4.5.7.
McAfee ePO 4.5.7 is targeted for release in mid-May 2013.
McAfee ePO 4.6.6 was released on March 26th, 2013.
A McAfee ePO 4.5.6 Hotfix was released on April 15th, 2013.

McAfee ePO download Instructions.
1. Launch Internet Explorer.
2. Navigate to:

http://www.mcafee.com/us/downloads

3. Provide your valid McAfee grant number.
4. Select the product and click View Available Downloads.
5. Click McAfee ePolicy Orchestrator.
6. Click the patches tab or click the link to download the product .ZIP file under Download on the Software Downloads screen.
For instructions on how to download McAfee products, documentation, security updates, patches, or hotfixes, see:

KB56057

Vendor Information (Learn More)

Vendor	Status	Date Notified	Date Updated
McAfee	Affected	28 Jan 2013	25 Apr 2013

If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group	Score	Vector
Base	7.9	AV:A/AC:M/Au:N/C:C/I:C/A:C
Temporal	6.2	E:POC/RL:OF/RC:C
Environmental	5.5	CDP:LM/TD:M/CR:ND/IR:ND/AR:ND

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10042

Credit

Thanks to Jerome Nokin from Verizon Enterprise Solutions (GCIS Vulnerability Management) for discovering this vulnerability, and thanks to Thierry Zoller from Verizon Enterprise Solutions (GCIS Vulnerability Management) for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:CVE-2013-0140CVE-2013-0141
Date Public:25 Apr 2013
Date First Published:29 Apr 2013
Date Last Updated:29 Apr 2013
Document Revision:28

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/209131

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-89	Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
50 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mcafee Epolicy Orchestrator cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.6:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.5:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.4:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.3:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.0:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.1:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.0:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:sp2a:::::: cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:::::: cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:::::::* cpe:2.3:a:mcafee:epolicy_orchestrator:::::::: cpe:2.3:a:mcafee:epolicy_orchestrator:-:::::::*	23

ExploitDB Exploits

id	Description
2014-04-28	McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-05-02	IAVM : 2013-A-0098 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity : Category I - VMSKEY : V0037763

Snort® IPS/IDS

Date	Description
2014-01-10	McAfee ePolicy Orchestrator XSS attempt RuleID : 28827 - Revision : 3 - Type : SERVER-OTHER
2014-01-10	McAfee ePolicy Orchestrator XSS attempt RuleID : 28826 - Revision : 2 - Type : SERVER-OTHER
2014-01-10	McAfee ePolicy Orchestrator XSS attempt RuleID : 28825 - Revision : 2 - Type : SERVER-OTHER
2014-01-10	McAfee ePolicy Orchestrator XSS attempt RuleID : 28824 - Revision : 3 - Type : SERVER-OTHER
2014-01-10	McAfee ePolicy Orchestrator XSS attempt RuleID : 28823 - Revision : 2 - Type : SERVER-OTHER
2014-01-10	McAfee ePolicy Orchestrator XSS attempt RuleID : 28822 - Revision : 2 - Type : SERVER-OTHER
2014-01-10	McAfee ePolicy Orchestrator XSS attempt RuleID : 28821 - Revision : 3 - Type : SERVER-OTHER
2014-01-10	McAfee ePolicy Orchestrator timing based injection attempt RuleID : 27724 - Revision : 2 - Type : SQL
2014-01-10	McAfee ePolicy Orchestrator timing based injection attempt RuleID : 27723 - Revision : 2 - Type : SQL

Nessus® Vulnerability Scanner

Date	Description
2013-05-04	Name : A security management application on the remote host has multiple vulnerabili... File : mcafee_epo_sb10042.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-05-10 09:27:02	Multiple Updates
2014-02-17 12:07:35	Multiple Updates
2013-05-16 17:18:11	Multiple Updates
2013-05-11 05:18:19	Multiple Updates
2013-05-01 17:24:12	Multiple Updates
2013-04-29 17:18:27	First insertion

Global Informations

Type	Count
CWE ID(s)	2
CPE ID(s)	23
ExploitDB Exploit(s)	1
IAVM(s)	1
Snort® Rule(s)	9
Nessus® Exploit(s)	1

	Related
7.9	TA13-193A
7.9	CVE-2013-0140
4.3	CVE-2013-0141
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)