Two vulnerabilities in EPO have been discovered and resolved.
AFFECTED SOFTWARE
• EPO 5.1.3 and lower
• EPO 5.3.2 and lower
REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions: EPO5xHF1159423.zip
IMPACT
• CVE-2016-6304 (CVSS: 4.4 / 3.9; Severity: Medium)
• CVE-2016-2183 (CVSS: 5.3 / 4.6; Severity: Medium)
• CVE-2016-2182 (CVSS: 4.4 / 3.9; Severity: Medium)
• CVE-2016-7052 (CVSS: 4.4 / 4.0; Severity: Medium)
RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10171 - Intel Security ePolicy Orchestrator update fixes multiple OpenSSL vulnerabilities. ( https://kc.mcafee.com/corporate/index?page=content&id=SB10171)
AFFECTED SOFTWARE
• EPO 5.1.3 and lower
• EPO 5.3.2 and lower
REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions: EPO5xHF1159423.zip
IMPACT
• CVE-2016-6304 (CVSS: 4.4 / 3.9; Severity: Medium)
• CVE-2016-2183 (CVSS: 5.3 / 4.6; Severity: Medium)
• CVE-2016-2182 (CVSS: 4.4 / 3.9; Severity: Medium)
• CVE-2016-7052 (CVSS: 4.4 / 4.0; Severity: Medium)
RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10171 - Intel Security ePolicy Orchestrator update fixes multiple OpenSSL vulnerabilities. ( https://kc.mcafee.com/corporate/index?page=content&id=SB10171)