Exploit: McAfee ePolicy 0wner (ePowner) – Preview
If you heard about the following vulnerabilities in McAfee ePolicy Orchestrator version 4.6.5 and earlier:
- CVE-2013-0140 – Pre-authenticated SQL injection
- CVE-2013-0141 – Pre-authenticated directory path traversal
and your environments haven’t been updated yet, then you should consider watching this video…
Main Features:
- Remote command execution on the ePo server.
- Remote command execution on the Managed stations (one ring to rule them all).
- File upload on the ePo server.
- Active Directory credentials stealing.
More information:
- https://kc.mcafee.com/corporate/index?page=content&id=sb10042
- http://www.kb.cert.org/vuls/id/209131
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0140
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0141
(21 votes, average: 4.19 out of 5)
Loading...
© 2013 – 2014, foip. All rights reserved.
Vulnerability patched:
https://kc.mcafee.com/corporate/index?page=content&id=sb10042
Hi,
When are you releasing the tool?
Would be great to test it :)
Thanks Tim
When will the exploit be released?
Just ran in to an unpatched ePo server during a pentest, I’d love to…. ;)