- ePO 5.1.3 and earlier
- ePO 5.3.2 and earlier
The vulnerability is remediated in these versions:
- ePO 5.1.3 + EPO5xHF1147158.zip
- ePO 5.3.1 + EPO5xHF1147158.zip
- ePO 5.3.2 + EPO5xHF1147158.zip
CVE-2016-2177 (CVSS: 5.9; Severity: High) ePO 5.1.3 and 5.3.2 and earlier versions of ePO consume OpenSSL 1.0.1r which is vulnerable to CVE-2016-2177 (incorrectly uses pointer arithmetic for heap-buffer boundary checks).
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10165, Intel Security - Security Bulletin: ePolicy Orchestrator update fixes OpenSSL vulnerability CVE-2016-2177 (https://kc.mcafee.com/corporate/index?page=content&id=SB10165)