Loading...
Skip to content

Business ServicePortal

Hotfixes Resolve ePO Vulnerability
 

(5/19/2017)
A vulnerability in ePolicy Orchestrator (ePO) has been discovered and resolved.

AFFECTED SOFTWARE
  • ePO 5.1.3 and earlier
  • ePO 5.3.2 and earlier
  • ePO 5.9.0 and earlier
REMEDIATED VERSIONS
The vulnerability is remediated in these versions:
  • ePO 5.1.3: hotfix EPO513HF1193124
  • ePO 5.3.1: hotfix EPO531HF1194398
  • ePO 5.3.2: hotfix EPO532HF1193123
  • ePO 5.9.0: hotfix EPO590HF1193951
NOTE: Users of ePO 5.1.0, 5.1.1, and 5.1.2 must upgrade to ePO 5.1.3, 5.3.2, or 5.3.1 and then apply the appropriate hotfix.

IMPACT
  • CVE-2017-3980 (CVSS: 7.6; Severity: High) A directory traversal vulnerability in the ePO Extension in ePO 5.9.0, 5.3.2, and 5.1.3 (and earlier) allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
RECOMMENDATION
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10196, McAfee Security Bulletin - ePolicy Orchestrator update fixes directory traversal vulnerability (CVE-2017-3980) (https://kc.mcafee.com/corporate/index?page=content&id=SB10196)

McAfee Agent 5.0.5 Hotfix 1188538 Now Available
 

McAfee SNS Weekly Roundup (May 16)
 

McAfee's observations on Wannacry outbreak
 

SNS DOMAIN CHANGE
 

Welcome to the ServicePortal
 

 

How are we doing?
ServicePortal feedback »

 

The Association of
Support Professionals.
This year's Ten Best
Web Support Sites