CVE-2015-2859

medium

Description

Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10120

https://kc.mcafee.com/corporate/index?page=content&id=KB84628

http://www.securitytracker.com/id/1032571

http://www.securityfocus.com/bid/75020

http://www.kb.cert.org/vuls/id/264092

Details

Source: Mitre, NVD

Published: 2015-06-23

Updated: 2016-12-03

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium