CVE-2024-4844

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4844

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

H

ardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.

References
Link Resource
https://thrive.trellix.com/s/article/000013505
https://thrive.trellix.com/s/article/000013505
Configurations

No configuration.

History

21 Nov 2024, 09:43

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de credenciales codificadas de forma rígida en Trellix ePolicy Orchestrator (ePO) on Premise anterior a la versión 5.10 Service Pack 1 Update 2 permite a un atacante con privilegios de administrador en el servidor ePO leer el contenido del archivo orion.keystore, lo que le permite acceder a la clave de cifrado de la base de datos de ePO. Esto era posible mediante el uso de una contraseña codificada de forma rígida para el almacén de claves. Las restricciones de control de acceso en el archivo significan que esto no sería explotable a menos que el usuario sea el administrador del sistema del servidor en el que se ejecuta ePO.
References () https://thrive.trellix.com/s/article/000013505 - () https://thrive.trellix.com/s/article/000013505 -

16 May 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-16 07:15

Updated : 2024-11-21 09:43

NVD link : CVE-2024-4844

Mitre link : CVE-2024-4844

CVE.ORG link : CVE-2024-4844

JSON object : View

Products Affected

No product.

CWE
CWE-798

Use of Hard-coded Credentials