Detections
Analytics
McAfee ePolicy Orchestrator SSL/TLS Certificate Validation Security Bypass Vulnerability (SB10120)
medium Nessus Plugin ID 85160
Language:
Synopsis
A security management application running on the remote host is affected by a security bypass vulnerability.Description
According to its self-reported version, the McAfee ePolicy Orchestrator (ePO) running on the remote host is affected by a security bypass vulnerability due to a failure to properly validate server and Certificate Authority names in X.509 certificates from SSL servers. A man-in-the-middle attacker, by using a crafted certificate, can exploit this flaw to spoof servers, thus gaining access to transmitted information.Solution
Upgrade to McAfee ePO version 4.6.9 / 5.1.2 / 5.3.0 or later, and apply the vendor-supplied workaround.See Also
https://kc.mcafee.com/corporate/index?page=content&id=SB10120
https://kc.mcafee.com/corporate/index?page=content&id=KB84628
Plugin Details
Severity: Medium
ID: 85160
File Name: mcafee_epo_sb10120.nasl
Version: 1.9
Type: remote
Family: CGI abuses
Published: 7/31/2015
Updated: 1/19/2021
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2015-2859
Vulnerability Information
CPE: cpe:/a:mcafee:epolicy_orchestrator
Required KB Items: Settings/ParanoidReport, installed_sw/epo_app_server
Exploit Ease: No known exploits are available
Patch Publication Date: 6/4/2015
Vulnerability Publication Date: 6/4/2015
Reference Information
CVE: CVE-2015-2859
BID: 75020
CERT: 264092
MCAFEE-SB: SB10120