Hardcoded Credentials Vulnerability in Trellix ePolicy Orchestrator
CVE-2024-4844

7.5 HIGH

Key Information:

Vendor: Trellix
CVE Published: 16 May 2024

What is CVE-2024-4844?

A hardcoded credentials vulnerability exists in Trellix ePolicy Orchestrator (ePO) on Premise versions prior to 5.10 Service Pack 1 Update 2. It allows an attacker with administrative privileges on the ePO server to potentially access sensitive information, specifically the contents of the orion.keystore file. Because the keystore is protected by a hardcoded password, the attacker could use that password to retrieve the database encryption key, compromising data integrity and confidentiality. Exploitation requires the attacker to already hold elevated privileges on the system, which limits exposure to system administrators.

Affected Version(s)

ePolicy Orchestrator (Windows): All versions below ePO 5.10 Service Pack 1 Update 2

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

David Mayer from Neuvik.