Server Name Validation Flaw in McAfee ePolicy Orchestrator for Intel Products
CVE-2015-2859

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator
Vendor: CVE Published:; 23 June 2015

Summary

The McAfee ePolicy Orchestrator from Intel has a server name validation vulnerability that affects various versions. This flaw occurs due to improper validation of server names and Certification Authority names in X.509 certificates received from SSL servers. As a result, malicious actors can exploit this vulnerability through crafted certificates to impersonate legitimate servers, potentially allowing them to intercept sensitive data. Organizations utilizing vulnerable versions of the ePolicy Orchestrator should prioritize updates to mitigate the associated risks.

References

http://www.kb.cert.org/vuls/id/264092

third-party-advisoryx_refsource_CERT-VN

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/75020

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 23, 2015
Vulnerability Reserved
Apr 3, 2015