CVE-2003-0148 - Unspecified vulnerability in McAfee ePolicy Orchestrator
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Nessus
NASL family | Web Servers |
NASL id | EPOLICY_ORCHESTRATOR_MULTIPLE_ISSUES.NASL |
description | According to its banner, the remote version of ePolicy Orchestrator has multiple vulnerabilities which may allow an attacker to gain information on the MSDE installation of this host, or even execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11812 |
published | 2003-07-31 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11812 |
title | ePolicy Orchestrator Multiple Remote Vulnerabilities (OF, FS) |