Lucene search
St3n1337DAY-ID-22191HistoryApr 29, 2014 - 12:00 a.m.
McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities
2014-04-2900:00:00
st3n
0day.today
33
0.003 Low
EPSS
Percentile
63.4%
McAfee ePolicy Owner (ePowner) version 0.1 is an exploit that can add an administrative user to McAfee ePolicy Orchestrator as well as execute arbitrary commands on versions 4.6.0 through 4.6.5.
# Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple vulnerabilities
# Date: 20 November 2012
# Exploit Author: [email protected] (a.k.a. [email protected])
# Vendor Homepage: http://www.mcafee.com/uk/products/epolicy-orchestrator.aspx
# Version: 4.6.0 -> 4.6.5
# Tested on: Windows 2003/2008
# CVE : CVE-2013-0140 , CVE-2013-0141
# More info on: http://funoverip.net/?p=1685
PoC: http://www.exploit-db.com/sploits/ePowner.0.1.tar.gz
=====================================================================================================
INTRODUCTION
=====================================================================================================
- In short, this tool registers a rogue agent on the ePo server and then takes advantage of the
following vulnerabilities to perform multiple actions :
- CVE-2013-0140 : Pre-auth SQL Injection
- CVE-2013-0141 : Pre-auth Directory Path Traversal
- The tool manages the following actions, called "mode" :
-r, --register Register a new agent on the ePo server (it's free)
--check Check the SQL Injection vunerability
--add-admin Add a new web admin account into the DB
--readdb Retrieve various information from the database
--get-install-path Retrieve the installation path of ePo software (needed for other modes)
--ad-creds Retrieve and decrypt cached domain credentials from ePo database.
--wipe Wipe our traces from the database and file system
--srv-exec Perform remote command execution on the ePo server
--srv-upload Upload files on the ePo server
--cli-deploy Deploy commands or softwares on clients
- It is strongly advised to read the manual which explains how to use these modes (see below).
But basically, your two first actions must be :
1) Register a rogue agent using '--register'
2) Setup Remote Code execution using '--srv-exec --wizard'
- Usage examples are provided at the end of this file. It is recommended to read the doc before
any of usage of them.
- You may find a vulnerable version of the ePo software on my blog. Deploy 2 VMs (eposrv + epocli) and
test it !
- The tool was developed/tested on Backtrack 5r3, Kali Linux 1.0.6 and Ubuntu 12.04.
It won't work under Windows due to linux tools dependencies.
. ePolicy Orchestrator was running on Win2003 and Win2003 R2
. The managed station were running on WinXPsp3 and Win7
# 0day.today [2018-03-28] #Related
cve
cve
CVE-2013-0140
2013-05-01 12:00:00
CVE-2013-4882
2013-07-22 11:21:00
prion
prion
Sql injection
2013-05-01 12:00:00
Sql injection
2013-07-22 11:21:00
nessus
nessus
McAfee ePolicy Orchestrator 4.6.x Multiple Vulnerabilities (SB10042)
2013-05-04 00:00:00
exploitpack
exploitpack
McAfee ePolicy Orchestrator 4.6.0 4.6.5 - ePowner Multiple Vulnerabilities
2014-04-28 00:00:00
openvas
openvas
McAfee ePolicy Orchestrator (ePO) Multiple Vulnerabilities-01 (Aug 2013)
2013-08-09 00:00:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
McAfee ePolicy Orchestrator security vulnerability
2013-07-16 00:00:00
cert
cert
seebug
seebug
McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities
2014-07-01 00:00:00
exploitdb
exploitdb