CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score Confidence: Low

EPSS Percentile: 84.7%

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers’ installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
Vendor | Product | Version | CPE |
---|---|---|---|
mcafee | epolicy_orchestrator | * | cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.0.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.0.1 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.1.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.1.1 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:* |
packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html
seclists.org/fulldisclosure/2015/Jan/37
seclists.org/fulldisclosure/2015/Jan/8
www.securityfocus.com/bid/72298
www.securitytracker.com/id/1031519
exchange.xforce.ibmcloud.com/vulnerabilities/99949
gist.github.com/brandonprry/692e553975bf29aeaf2c
kc.mcafee.com/corporate/index?page=content&id=SB10095