Описание
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.
Уязвимые конфигурации
Конфигурация 1Версия до 4.7 (включая)Версия до 10.0 (включая)
Одно из
cpe:2.3:a:mcafee:enterprise_mobility_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:enterprise_mobility_manager_agent:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00176
Низкий
3.5 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.
EPSS
Процентиль: 39%
0.00176
Низкий
3.5 Low
CVSS2
Дефекты
CWE-264