{"vuid":"VU#209131","idnumber":"209131","name":"McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilities","keywords":["mcafee","epolicy","orchestrator","sql injection","cwe-89"],"overview":"McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticated sql injection and directory path traversal vulnerability which could allow an attacker to inject malicious code into the system.","clean_desc":"McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticated sql injection and directory path traversal vulnerability: Server-side pre-Authenticated SQL Injection within the Agent-Handler component (Agent-Server communication channel). The attack is performed by registering a rogue Agent to the ePolicy Orchestrator server, and sending a crafted HTTP request to the ePolicy Orchestrator server. Successful attacks allow remote attackers to retrieve sensitive information from the ePo database (such as administrative domain credentials), to create additional web console administrator accounts, and to perform remote code execution with SYSTEM privilege. CVE-2013-0140 Server-side pre-Authenticated Directory Path Traversal within File upload process. The attack is performed by registering a rogue Agent to the ePolicy Orchestrator server, and sending a crafted HTTP request to the ePolicy Orchestrator server. Successful attacks allow remote attackers to upload unrestricted file content. A typical scenario would be to store malicious files under /Software/ folder, to make them available for download from the ePolicy Orchestrator server. CVE-2013-0141\nThe CVSS scores below apply to CVE-2013-0140.","impact":"An attacker with network access to the McAfee ePolicy Orchestrator Agent-Handler (port tcp/443 by default) could upload arbitrary files under the ePolicy Orchestrator installation folder, gain read and write access to ePolicy Orchestrator database, or run arbitrary code on the ePolicy Orchestrator system.","resolution":"Update Mcafee Security Advisory SB10042 states: All of these issues are resolved in McAfee ePO version 4.6.6 and 4.5.7. McAfee ePO 4.5.7 is targeted for release in mid-May 2013. McAfee ePO 4.6.6 was released on March 26th, 2013. A McAfee ePO 4.5.6 Hotfix was released on April 15th, 2013. McAfee ePO download Instructions. 1. Launch Internet Explorer. 2. Navigate to: http://www.mcafee.com/us/downloads\n3. Provide your valid McAfee grant number. 4. Select the product and click View Available Downloads. 5. Click McAfee ePolicy Orchestrator. 6. Click the patches tab or click the link to download the product .ZIP file under Download on the Software Downloads screen. For instructions on how to download McAfee products, documentation, security updates, patches, or hotfixes, see: KB56057.","workarounds":"","sysaffected":"","thanks":"Thanks to \nJerome Nokin from Verizon Enterprise Solutions (GCIS Vulnerability Management) for discovering this vulnerability, and thanks to Thierry Zoller from Verizon Enterprise Solutions (GCIS Vulnerability Management) for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["h","t","t","p","s",":","/","/","k","c",".","m","c","a","f","e","e",".","c","o","m","/","c","o","r","p","o","r","a","t","e","/","i","n","d","e","x","?","p","a","g","e","=","c","o","n","t","e","n","t","&","i","d","=","S","B","1","0","0","4","2"],"cveids":["CVE-2013-0140","CVE-2013-0141"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-01-08T15:17:04Z","publicdate":"2013-04-25T00:00:00Z","datefirstpublished":"2013-04-29T12:44:47Z","dateupdated":"2014-07-30T16:15:58Z","revision":36,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.6","cvss_basevector":"AV:N/AC:H/Au:N/C:C/I:C/A:C","cvss_temporalscore":"6","cvss_environmentalscore":"5.37833468304","cvss_environmentalvector":"CDP:LM/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}