ID KLA10485
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-05-22T00:00:00
Description
Detect date :
02/17/2015
Severity :
High
Description :
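Multiple serious vulnerabilities have been found in McAfee DLPE (Data Loss Prevention Endpoint). Malicious users can exploit these vulnerabilities to obtain sensitive information or to inject or execute arbitrary code. These vulnerabilities can be exploited remotely via a specially crafted URL and other unspecified vectors related to the ePO extension. According to the CVE records listed for this advisory, all three issues require an authenticated user (CVSS v2 Au:S): SQL injection (CVE-2015-1616), cross-site scripting (CVE-2015-1617) and disclosure of password information (CVE-2015-1618).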
Affected products :
McAfee Data Loss Prevention Endpoint versions earlier than 9.3.400
Solution :
Update to the latest version (9.3.400 or later; earlier versions are affected).
Get McAfee DLPE
Original advisories :
McAfee bulletin
Impacts :
ACE (arbitrary code execution)
Related products :
McAfee Data Loss Prevention Endpoint
CVE-IDS :
CVE-2015-1618 4.0 Warning
CVE-2015-1617 3.5 Warning
CVE-2015-1616 6.5 High
{"id": "KLA10485", "bulletinFamily": "info", "title": "\r KLA10485Multiple vulnerabilities in McAfee Data Loss Prevention Endpoint ", "description": "### *Detect date*:\n02/17/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in McAfee DLPE. Malicious users can exploit these vulnerabilities to obtain sensitive information, inject or execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed URL and other unspecified vectors related to ePO extension.\n\n### *Affected products*:\nMcAfee Data Loss Prevention Endpoint versions earlier than 9.3.400\n\n### *Solution*:\nUpdate to latest version! \n[Get McAfee DLPE](<http://www.mcafee.com/us/downloads/downloads.aspx>)\n\n### *Original advisories*:\n[McAfee bulletin](<https://kc.mcafee.com/corporate/index?page=content&id=SB10098>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[McAfee Data Loss Prevention Endpoint](<https://threats.kaspersky.com/en/product/McAfee-Data-Loss-Prevention-Endpoint/>)\n\n### *CVE-IDS*:\n[CVE-2015-1618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1618>)4.0Warning \n[CVE-2015-1617](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1617>)3.5Warning \n[CVE-2015-1616](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1616>)6.5High", "published": "2015-02-17T00:00:00", "modified": "2020-05-22T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10485", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2015-1617", "CVE-2015-1618", "CVE-2015-1616"], "type": "kaspersky", "lastseen": "2020-09-02T11:44:27", "edition": 41, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1616", "CVE-2015-1617", "CVE-2015-1618"]}, {"type": "nessus", "idList": ["MCAFEE_EPO_SB10098.NASL"]}], "modified": "2020-09-02T11:44:27", "rev": 2}, "score": {"value": 6.6, 
"vector": "NONE", "modified": "2020-09-02T11:44:27", "rev": 2}, "vulnersScore": 6.6}, "scheme": null}
{"cve": [{"lastseen": "2020-12-09T20:03:01", "description": "The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.", "edition": 5, "cvss3": {}, "published": "2015-02-17T15:59:00", "title": "CVE-2015-1618", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1618"], "modified": "2015-02-18T18:56:00", "cpe": ["cpe:/a:mcafee:data_loss_prevention_endpoint:9.3.300"], "id": "CVE-2015-1618", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1618", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mcafee:data_loss_prevention_endpoint:9.3.300:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:01", "description": "Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2015-02-17T15:59:00", "title": "CVE-2015-1617", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": 
"AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1617"], "modified": "2015-02-18T18:56:00", "cpe": ["cpe:/a:mcafee:data_loss_prevention_endpoint:9.3.300"], "id": "CVE-2015-1617", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1617", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mcafee:data_loss_prevention_endpoint:9.3.300:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:01", "description": "SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2015-02-17T15:59:00", "title": "CVE-2015-1616", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1616"], "modified": "2015-02-18T18:56:00", "cpe": ["cpe:/a:mcafee:data_loss_prevention_endpoint:9.3.300"], "id": "CVE-2015-1616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1616", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mcafee:data_loss_prevention_endpoint:9.3.300:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-01T03:45:58", "description": "The remote McAfee ePO server has a vulnerable version of McAfee Data\nLoss Protection Endpoint (DLPe) extension installed that is affected\nby 
multiple vulnerabilities :\n\n - An unspecified SQL injection vulnerability exists due to\n improper sanitization of user-supplied input. This\n allows an authenticated, remote attacker to inject or\n manipulate SQL queries, resulting in the disclosure of\n sensitive information. (CVE-2015-1616)\n\n - An unspecified cross-site scripting vulnerability exists\n due to improper validation of user-supplied input. This\n allows an authenticated, remote attacker to execute\n arbitrary script code in a user's browser session.\n (CVE-2015-1617)\n\n - An information disclosure vulnerability exists due to\n access checks not being properly enforced. A remote,\n authenticated attacker can gain access to password\n information via a specially crafted URL.\n (CVE-2015-1618)", "edition": 25, "published": "2015-02-20T00:00:00", "title": "McAfee ePO DLPe Extension < 9.3.400 Multiple Vulnerabilities (SB10098)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1617", "CVE-2015-1618", "CVE-2015-1616"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mcafee:data_loss_prevention_endpoint"], "id": "MCAFEE_EPO_SB10098.NASL", "href": "https://www.tenable.com/plugins/nessus/81422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81422);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2015-1616\",\n \"CVE-2015-1617\",\n \"CVE-2015-1618\"\n );\n script_bugtraq_id(\n 73419,\n 73421,\n 73422\n );\n script_xref(name:\"MCAFEE-SB\", value:\"SB10098\");\n\n script_name(english:\"McAfee ePO DLPe Extension < 9.3.400 Multiple Vulnerabilities (SB10098)\");\n script_summary(english:\"Checks the version of the McAfee ePO DLPe extension.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote McAfee ePO server has a 
vulnerable version of McAfee Data\nLoss Protection Endpoint (DLPe) extension installed that is affected\nby multiple vulnerabilities :\n\n - An unspecified SQL injection vulnerability exists due to\n improper sanitization of user-supplied input. This\n allows an authenticated, remote attacker to inject or\n manipulate SQL queries, resulting in the disclosure of\n sensitive information. (CVE-2015-1616)\n\n - An unspecified cross-site scripting vulnerability exists\n due to improper validation of user-supplied input. This\n allows an authenticated, remote attacker to execute\n arbitrary script code in a user's browser session.\n (CVE-2015-1617)\n\n - An information disclosure vulnerability exists due to\n access checks not being properly enforced. A remote,\n authenticated attacker can gain access to password\n information via a specially crafted URL.\n (CVE-2015-1618)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10098\");\n script_set_attribute(attribute:\"solution\", value:\"Install or update to DLPe 9.3 Patch 4 (9.3.400).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:data_loss_prevention_endpoint\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright 
(C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mcafee_epo_installed.nasl\");\n script_require_keys(\"SMB/mcafee_epo/Path\", \"SMB/mcafee_epo/ver\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nappname = 'McAfee ePO Extension for DLPe';\nepo_path = get_kb_item_or_exit('SMB/mcafee_epo/Path'); # ePO install path\n\n# first, figure out where the mcafee agent extension is installed\nconfig_path = hotfix_append_path(path:epo_path, value:\"Server\\conf\\Catalina\\localhost\\DATALOSS2000.xml\");\n\nxml = hotfix_get_file_contents(path:config_path);\n\nhotfix_handle_error(error_code : xml['error'],\n file : config_path,\n appname : appname,\n exit_on_fail : TRUE);\n\ndata = xml['data'];\n\n# determine where the extension is installed\nmatch = eregmatch(string:data, pattern:'docBase=\"([^\"]+)\"');\nif (!isnull(match))\n{\n ext_path = match[1] - 'webapp';\n ext_path = str_replace(string:ext_path, find:'/', replace:\"\\\");\n}\n\nif (isnull(ext_path))\n{\n hotfix_check_fversion_end();\n exit(1, \"Unable to extract extension path from '\" + config_path + \"'.\");\n}\n\n# now that it has been determined where the extension is installed,\n# and figure out which version it is\nprop_file = hotfix_append_path(path:ext_path, value:'extension.properties');\next_version = NULL;\n\nprop_content = hotfix_get_file_contents(path:prop_file);\n\nhotfix_handle_error(error_code : prop_content['error'],\n file : prop_file,\n appname : appname,\n exit_on_fail : TRUE);\n\ndata = prop_content['data'];\n\n# sanity check - make sure that this extension actually is the epo extension for DLPe\nif (data =~ \"extension\\.name\\s*=\\s*DATALOSS2000\")\n{\n match = eregmatch(string:data, pattern:\"extension\\.version\\s*=\\s*([\\d.]+)\");\n if (!isnull(match)) ext_version = 
match[1];\n}\n\nhotfix_check_fversion_end();\n\nif (isnull(ext_version))\n audit(AUDIT_NOT_INST, 'McAfee ePO Extension for DLPe');\n\nport = kb_smb_transport();\n\nif (ver_compare(ver:ext_version, fix:'9.3.400', strict:FALSE) == -1)\n{\n set_kb_item(name:'www/0/SQLInjection', value:TRUE);\n set_kb_item(name:'www/0/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report +=\n '\\n Path : ' + ext_path +\n '\\n Installed version : ' + ext_version +\n '\\n Fixed version : 9.3.400\\n';\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n}\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, 'McAfee ePO Extension for DLPe', ext_version, ext_path);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}