CVE-2015-0922 : McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the sam

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

Published 2015-01-09 18:59:12

Updated 2017-09-08 01:29:47

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2015-0922

Mcafee » Epolicy Orchestrator
Versions up to, including, (<=) 4.6.8
cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.0.0
cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.0.1
cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.1.0
cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.1.1
cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0922

EPSS FAQ

45.75%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-0922

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure

Disclosure Date: 2015-01-06

First seen: 2020-04-26

auxiliary/gather/mcafee_epo_xxe

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password

More information

CVSS scores for CVE-2015-0922

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-0922

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0922

http://seclists.org/fulldisclosure/2015/Jan/37

Full Disclosure: Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

CVEs referencing this url
http://www.securitytracker.com/id/1031519

McAfee ePolicy Orchestrator XML External Entity Flaw and Static Encryption Key Let Remote Authenticated Users Obtain Passwords - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/bid/72298

McAfee ePolicy Orchestrator CVE-2015-0922 Information Disclosure Vulnerability
Exploit
https://gist.github.com/brandonprry/692e553975bf29aeaf2c

gist:692e553975bf29aeaf2c · GitHub

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/99949

McAfee ePolicy Orchestrator keystore.properties information disclosure CVE-2015-0922 Vulnerability Report
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html

McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure ≈ Packet Storm
Exploit

CVEs referencing this url
http://seclists.org/fulldisclosure/2015/Jan/8

Full Disclosure: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

CVEs referencing this url
https://kc.mcafee.com/corporate/index?page=content&id=SB10095

Patch;Vendor Advisory

CVEs referencing this url

Jump to