McAfee Endpoint Encryption/Removable Media Protection Password entropy
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.7 | $0-$5k | 0.00 |
A vulnerability classified as problematic has been found in McAfee Endpoint Encryption and Removable Media Protection. This affects an unknown part of the component Password Handler. The manipulation with an unknown input leads to a entropy vulnerability. CWE is classifying the issue as CWE-331. The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. This is going to have an impact on confidentiality.
The weakness was published 10/27/2014 by Matthias Deeg with SySS GmbH as SB10089 as confirmed security bulletin (Website). The advisory is shared at kc.mcafee.com. This vulnerability is uniquely identified as CVE-2014-8518 since 10/29/2014. The exploitability is told to be easy. An attack has to be approached locally. No form of authentication is needed for exploitation. Technical details are unknown but an exploit is available. MITRE ATT&CK project uses the attack technique T1600.001 for this issue.
It is declared as functional.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (98426). Similar entry is available at 68084.
Affected
- McAfee Endpoint Encryption For Files And Folders up to 4.2.0
- McAfee File And Removable Media Protection up to 4.3.0.243
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.7
VulDB Base Score: 4.0
VulDB Temp Score: 3.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: EntropyCWE: CWE-331 / CWE-330 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Functional
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
10/27/2014 🔍10/27/2014 🔍
10/27/2014 🔍
10/29/2014 🔍
10/29/2014 🔍
11/04/2014 🔍
11/19/2014 🔍
02/23/2022 🔍
Sources
Vendor: mcafee.comAdvisory: SB10089
Researcher: Matthias Deeg
Organization: SySS GmbH
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-8518 (🔍)
X-Force: 98426 - McAfee Endpoint Encryption for Files and Folders information disclosure, Low Risk
Vulnerability Center: 47180 - McAfee Multiple Products Local Information Disclosure via a Brute Force Attack, Medium
SecurityFocus: 70819 - Multiple McAfee Products CVE-2014-8518 Insufficient Entropy Weakness
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 11/04/2014 08:11Updated: 02/23/2022 23:08
Changes: 11/04/2014 08:11 (46), 06/12/2017 08:33 (22), 02/23/2022 23:08 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.