The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of McAfee ePO: directory traversal

Synthesis of the vulnerability 

An unauthenticated attacker can upload a file outside the root of the storage directory of McAfee ePO, in order for example to put a Trojan Horse on the system.
Vulnerable systems: ePO.
Severity of this threat: 2/4.
Creation date: 26/04/2013.
Références of this weakness: BID-59505, CERTA-2013-AVI-278, CVE-2013-0141, SB10041, SB10042, VESVM-2013-002, VIGILANCE-VUL-12722, VU#209131.

Description of the vulnerability 

An unauthenticated attacker can upload a file outside the root of the storage directory of McAfee ePO, in order for example to put a Trojan Horse on the system.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness note impacts software or systems such as ePO.

Our Vigil@nce team determined that the severity of this threat note is medium.

The trust level is of type confirmed by the editor, with an origin of intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer weakness.

Solutions for this threat 

McAfee ePO: version 5.0.
The version 5.0 is fixed:
  http://www.mcafee.com/us/downloads

McAfee ePO: version 4.6.6.
The version 4.6.6 is fixed:
  http://www.mcafee.com/us/downloads

McAfee ePO: version 4.5.7.
The version 4.5.7 is fixed:
  http://www.mcafee.com/us/downloads
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computers vulnerabilities announces. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.