Positive Technologies Expert Has Discovered a Vulnerability in McAfee ePO Security Management System
The vulnerability allowed attackers to perform actions on behalf of system administrators, such as disabling protection and developing an attack on a network
McAfee has acknowledged Positive Technologies expert Mikhail Klyuchnikov for eliminating the vulnerability in McAfee ePolicy Orchestrator (McAfee ePO), a security management console that helps protect endpoints, networks, and data, and ensure compliance with security standards. More than 36,000 businesses and organizations use the McAfee ePO console.
The vulnerability CVE-2020-7318 received a CVSS v3.1 score of 4.6.
Mikhail Klyuchnikov explained: “The vulnerability is caused by improper filtering of user data. It is a classic XSS vulnerability. Attackers can trick system administrators into following a malicious link and performing illegitimate actions in the administrator panel on the administrator’s behalf, by exploiting the panel’s standard functions, or search for additional vulnerabilities to breach other network segments. Attackers can be both internal and external.”
To eliminate the vulnerability, users need to update the system to ePO 5.10.0 Update 9.
Previously, Positive Technologies had discovered a dangerous vulnerability in McAfee ATM security software.
Recommended AI News: nLIGHT Launches Programmable Laser for Metal Additive Manufacturing
For 18 years, Positive Technologies has created innovative solutions for information security. We develop products and services to detect, verify, and neutralize the real-world business risks associated with corporate IT infrastructure. Our technologies are backed by years of research experience and the expertise of world-class cybersecurity experts. Over 2,000 companies in 30 countries trust us to keep them safe.
Recommended AI News: Daily AI Roundup: The 5 Coolest Things On Earth Today