Exploit: McAfee ePolicy 0wner (ePowner) – Preview
If you heard about the following vulnerabilities in McAfee ePolicy Orchestrator version 4.6.5 and earlier:
- CVE-2013-0140 – Pre-authenticated SQL injection
- CVE-2013-0141 – Pre-authenticated directory path traversal
and your environments haven’t been updated yet, then you should consider watching this video…
- Remote command execution on the ePo server.
- Remote command execution on the Managed stations (one ring to rule them all).
- File upload on the ePo server.
- Active Directory credentials stealing.
© 2013 – 2014, Fun Over IP. All rights reserved.