A vulnerability classified as problematic has been found in McAfee ePolicy Orchestrator up to 5.9.x/5.10.0 Update 3 (Endpoint Management Software). This affects some unknown processing of the component Agent Handler. The manipulation with an unknown input leads to a information disclosure vulnerability (Sniffing). CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. The summary by CVE is:

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.

The weakness was released 07/03/2019 (Website). The advisory is shared at kc.mcafee.com. This vulnerability is uniquely identified as CVE-2019-3619 since 01/03/2019. The exploitability is told to be difficult. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1592 for this issue.

Applying the patch 5.10.0 Update 4 is able to eliminate this problem.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Endpoint Management Software

Vendor

• McAfee

Name

• ePolicy Orchestrator

Version

• 5.0
• 5.1
• 5.2
• 5.3
• 5.4
• 5.5
• 5.6
• 5.7
• 5.8
• 5.9
• 5.10.0 Update 3

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion