CVE-2024-4844

May 16, 2024, 1:03 p.m.

7.5
High

Description

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.

Product(s) Impacted

Product Versions
Trellix ePolicy Orchestrator (ePO) on Premise
  • before 5.10 Service Pack 1 Update 2

Weaknesses

References

https://thrive.trellix.com/s/article/000013505

Tags

CWE-798
2024-05-16
trellixpsirt@trellix.com
CVE-2024-4844

CVSS Score

7.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: May 16, 2024, 7:15 a.m.
  • Last Modified: May 16, 2024, 1:03 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

trellixpsirt@trellix.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.