CVE-2024-4844 HIGH

CVE-2024-4844

Vendor Trellix
Product ePolicy Orchestrator
Weakness CWE-798 · Hardcoded credentials
Published May 16, 2024
Last update August 1, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.

Key dates

02Disclosure timeline

May 16, 2024 CVE published
August 1, 2024 Record updated