| Title | Published | Views | Family |
|---|---|---|---|
| McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities | 29 Apr 2014 00:00 | – | zdt |
| CVE-2013-0141 | 1 May 2013 12:00 | – | attackerkb |
| CVE-2013-0140 | 1 May 2013 12:00 | – | attackerkb |
| McAfee ePolicy Orchestrator Remote Code Execution (CVE-2013-0140; CVE-2013-0141) | 22 Jun 2014 00:00 | – | checkpoint_advisories |
| CVE-2013-0140 | 1 May 2013 10:00 | – | cve |
| CVE-2013-0141 | 1 May 2013 10:00 | – | cve |
| CVE-2013-0140 | 1 May 2013 10:00 | – | cvelist |
| CVE-2013-0141 | 1 May 2013 10:00 | – | cvelist |
| EUVD-2013-0183 | 7 Oct 2025 00:30 | – | euvd |
| EUVD-2013-0184 | 7 Oct 2025 00:30 | – | euvd |

# Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple vulnerabilities
# Date: 20 November 2012
# Exploit Author: [email protected] (a.k.a. [email protected])
# Vendor Homepage: http://www.mcafee.com/uk/products/epolicy-orchestrator.aspx
# Version: 4.6.0 -> 4.6.5
# Tested on: Windows 2003/2008
# CVE : CVE-2013-0140 , CVE-2013-0141
# More info on: http://funoverip.net/?p=1685 & https://github.com/funoverip/epowner
PoC:
v0.2.1- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33071-2.tar.gz (epowner-0.2.1.zip)
=====================================================================================================
INTRODUCTION
=====================================================================================================
- In short, this tool registers a rogue agent on the ePo server and then takes advantage of the
  following vulnerabilities to perform multiple actions:

    - CVE-2013-0140 : Pre-auth SQL Injection
    - CVE-2013-0141 : Pre-auth Directory Path Traversal

- The tool manages the following actions, called "modes":

    -r, --register        Register a new agent on the ePo server (it's free)
    --check               Check the SQL Injection vulnerability
    --add-admin           Add a new web admin account into the DB
    --readdb              Retrieve various information from the database
    --get-install-path    Retrieve the installation path of ePo software (needed for other modes)
    --ad-creds            Retrieve and decrypt cached domain credentials from ePo database.
    --wipe                Wipe our traces from the database and file system
    --srv-exec            Perform remote command execution on the ePo server
    --srv-upload          Upload files on the ePo server
    --cli-deploy          Deploy commands or software on clients

- It is strongly advised to read the manual which explains how to use these modes (see below).
  But basically, your first two actions must be:

    1) Register a rogue agent using '--register'
    2) Setup Remote Code execution using '--srv-exec --wizard'

- Usage examples are provided at the end of this file. It is recommended to read the doc before
  any use of them.

- You may find a vulnerable version of the ePo software on my blog. Deploy 2 VMs (eposrv + epocli) and
  test it!

- The tool was developed/tested on Backtrack 5r3, Kali Linux 1.0.6 and Ubuntu 12.04.
  It won't work under Windows due to Linux tools dependencies.

    . ePolicy Orchestrator was running on Win2003 and Win2003 R2
    . The managed stations were running on WinXPsp3 and Win7