McAfee ePolicy Orchestrator Agent < 5.0.4.449 Log Viewer DoS

medium Nessus Plugin ID 97213

Synopsis

A security management application agent running on the remote host is affected by a denial of service vulnerability.

Description

According to its self-reported version, the McAfee ePolicy Orchestrator (ePO) Agent running on the remote host is 5.0.x prior to 5.0.4.449. It is, therefore, affected by a flaw in its remote log viewer component due to improper validation of input to an unspecified HTTP GET parameter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL request, to cause a denial of service condition.

Note that that exploitation of this vulnerability requires that both the Agent's log viewing functionality is enabled and the remote log access is not restricted to ePO administrators only. However, these are not set by default.

Solution

Upgrade McAfee ePO Agent to version 5.0.4.449 or later.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=SB10183

Plugin Details

Severity: Medium

ID: 97213

File Name: mcafee_epo_agent_sb10183.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 2/16/2017

Updated: 11/13/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2017-3896

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:epolicy_orchestrator_agent

Required KB Items: installed_sw/McAfee ePO Agent

Exploit Ease: No known exploits are available

Patch Publication Date: 1/17/2017

Vulnerability Publication Date: 1/17/2017

Reference Information

CVE: CVE-2017-3896

BID: 95903

MCAFEE-SB: SB10183