Spoofing Vulnerability in McAfee Enterprise Mobility Manager Agent and Server
CVE-2012-4587

Currently unrated

Key Information:

Vendor: Mcafee
Status: Enterprise Mobility Manager; Enterprise Mobility Manager Agent
Vendor: CVE Published:; 22 August 2012

Summary

The McAfee Enterprise Mobility Manager (EMM) Agent and Server have a vulnerability stemming from an improper dependency on DNS SRV records when the one-time provisioning (OTP) mode is enabled. This flaw can be exploited by remote attackers to spoof the EMM server, potentially allowing them to intercept and discover user passwords entered on devices such as iOS. Organizations using affected versions of the EMM Agent or Server should take immediate action to mitigate risks associated with this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78130

vdb-entryx_refsource_XF

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 22, 2012
Vulnerability Reserved
Aug 22, 2012