Detections
Analytics
ePolicy Orchestrator Symlink Arbitrary Privileged File Access
medium Nessus Plugin ID 19552
Language:
Synopsis
The remote web server is prone to an information disclosure vulnerability.Description
The remote host is running ePolicy Orchestrator / ProtectionPilot, a system security management solution from McAfee.According to its banner, the Common Management Agent (CMA) associated with ePolicy Orchestrator / ProtectionPilot on the remote host can be used by local users to view files residing on the same partition as the affected application with LocalSystem level privileges by creating symbolic links in the agent's web root directory. This may enable them to read files to which they would not otherwise have access.
Solution
Apply CMA 3.5 Patch 4 as described in the vendor's advisory.See Also
http://reedarvin.thearvins.com/20050811-01.html
http://knowledge.mcafee.com/article/430/KB42216_f.SAL_Public.html
Plugin Details
Severity: Medium
ID: 19552
File Name: epolicy_orchestrator_local_info_disclosure.nasl
Version: 1.17
Type: remote
Family: Web Servers
Published: 9/1/2005
Updated: 7/10/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.5
CVSS v2
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 3.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N
Vulnerability Information
CPE: cpe:/a:mcafee:epolicy_orchestrator
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 8/11/2005
Reference Information
CVE: CVE-2005-2554
BID: 14549