
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0045
        ePolicy Orchestrator Cloud update fixes multiple Cross-Site
              Request Forgery vulnerabilities (CVE-2019-3604)
                              5 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Legacy ePolicy Orchestrator Cloud
Operating System:     Virtualisation
Impact/Access:        Cross-site Request Forgery -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-3604  
Member content until: Thursday, March  7 2019

OVERVIEW

        Multiple Cross-Site Request Forgery (CSRF) vulnerabilities have been
        identified in McAfee Legacy ePolicy Orchestrator (ePO) Cloud. [1]


IMPACT

        Details of the vulnerabilities can be found below:

        "CVE-2019-3604: Multiple Cross-Site Request Forgery issues in ePO Cloud

        +------------------------+-----------------------------+
        |Base Score              |4.8                          |
        +------------------------+-----------------------------+
        |Attack Vector (AV)      |Network (N)                  |
        +------------------------+-----------------------------+
        |Attack Complexity (AC)  |High (H)                     |
        +------------------------+-----------------------------+
        |Privileges Required (PR)|High (H)                     |
        +------------------------+-----------------------------+
        |User Interaction (UI)   |Required (R)                 |
        +------------------------+-----------------------------+
        |Scope (S)               |Unchanged (U)                |
        +------------------------+-----------------------------+
        |Confidentiality (C)     |High (H)                     |
        +------------------------+-----------------------------+
        |Integrity (I)           |Low (L)                      |
        +------------------------+-----------------------------+
        |Availability (A)        |None (N)                     |
        +------------------------+-----------------------------+
        |Temporal Score (Overall)|4.5                          |
        +------------------------+-----------------------------+
        |Exploitability (E)      |Functional exploit exists (F)|
        +------------------------+-----------------------------+
        |Remediation Level (RL)  |Official Fix (O)             |
        +------------------------+-----------------------------+
        |Report Confidence (RC)  |Confirmed (C)                |
        +------------------------+-----------------------------+" [1]


MITIGATION

        McAfee recommends installing or updating to the latest version. [1]


REFERENCES

        [1] McAfee Security Bulletin - ePolicy Orchestrator Cloud update fixes
            multiple Cross-Site Request Forgery vulnerabilities (CVE-2019-3604)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10268

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================