McAfee ePO 5.10 Update 14 XXE via Agent Handler API causing SSRF
CVE-2022-3338 Published on October 18, 2022
XXE in Trellix ePO server
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.
Vulnerability Analysis
CVE-2022-3338 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2022-3338 has been classified to as a XXE vulnerability or weakness.
Products Associated with CVE-2022-3338
Want to know whenever a new CVE is published for McAfee Epolicy Orchestrator? stack.watch will email you.
Affected Versions
Trellix ePolicy Orchestrator (ePO):- Version unspecified and below 5.10 Update 14 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.