CVE-2015-0922
Published Jan 9, 2015
Last updated 7 years ago
Overview
- Description
- McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "013D7347-100A-454B-997B-E74E65B1C8D7",
"versionEndIncluding": "4.6.8"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD14FE96-A47F-4C92-90E8-678D93BB4CB3"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "648AAB2A-310B-493E-89DF-E8BCA56FB6FD"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE33AFB8-9962-4D75-B613-D5032A0949A1"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEBA52A8-233F-4015-B44B-1BF7B5593CCE"
}
],
"operator": "OR"
}
]
}
]