A new exploit tool has been released, specifically built to attack McAfee’s ePolicy Orchestrator (ePO). The exploit targets two vulnerabilities (CVE-2013-0140 and CVE-2013-0141) found in McAfee ePO versions 4.6.5 and earlier. The attacker must be on the local network in order to exploit these vulnerabilities.
The exploit tool allows an attacker on the local network to add rogue systems to an enterprise ePO server, steal domain credentials if they are cached within ePO, upload files to the ePO server, and execute commands on the ePO server as well as any systems managed by ePO.
McAfee issued a patch for these vulnerabilities last year. The exploit targets vulnerable versions 4.6.0 to 4.6.5, so if you have not updated, now would be a good time to do so. Tripwire IP360 will detect CVE-2013-0140 and CVE-2013-0141 on your network.
A video was published last year showing the tool, but the tool itself was just recently released to the public: