GEN:SID | 1:2562 |
Message | WEB-MISC McAfee ePO file upload attempt |
Summary | This event is generated when an attempt is made to exploit a vulnerability associated with the server component of McAfee's ePolicy Orchestrator (ePO).
|
Impact | A successful attack may permit an attacker to upload malicious code on the ePolicy Orchestrator server that may subsequently deliver the malicious code to ePolicy agents.
|
Detailed Information | There is a problem with access authentication in McAfee's ePolicy Orchestrator server. This product is responsible for distributing packages and code to ePolicy agents, making this a potentially widespread and damaging attack in a network. Because of a failure to authenticate credentials, an attacker can perform administrator functions, such as file uploads, by connecting the the ePO web server. The malicious files may be pushed to the ePO agents by the ePO Orchestrator.
|
Affected Systems | McAfee ePolicy Orchestrator 2.5.0 McAfee ePolicy Orchestrator 2.5.1 before Patch 14 McAfee ePolicy Orchestrator 3.0 before Patch 4 for 2.0 SP2A
|
Attack Scenarios | An attacker can attempt to upload a malicious file using the web server of the ePO Orchestrator. The file may be subsequently pushed by the Orchestrator to ePO agents.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | |
Rule References | bugtraq: 10200
cve: 2004-0038
|