CVE-2024-4844

7.5HIGH

Key Information

Vendor: Trellix
Status: Epolicy Orchestrator
Vendor: CVE Published:; 16 May 2024

Summary

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.

Affected Version(s)

ePolicy Orchestrator = All versions below ePO 5.10 Service Pack 1 Update 2

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 16, 2024
Vulnerability Reserved.
May 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

David Mayer from Neuvik