-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0176
          ePolicy Orchestrator update fixes a Java vulnerability
                         (CVE-2019-2602) (SB10285)
                                5 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee ePolicy Orchestrator
Operating System:     Windows
                      Virtualisation
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-2602  
Member content until: Sunday, August  4 2019
Reference:            ASB-2019.0118
                      ESB-2019.2400
                      ESB-2019.2391
                      ESB-2019.2372

OVERVIEW

        McAfee has released updates for ePolicy Orchestrator that
        fix a Java vulnerability. [1]


IMPACT

        McAfee has provided the following information regarding the vulnerability and impact:
        
        "Vulnerability Description
        CVE-2019-2602:
        Easily exploitable vulnerability allows unauthenticated attacker with network
        access via multiple protocols to compromise Java SE. Successful attacks of this
        vulnerability can result in unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of Java SE." [1]


MITIGATION

        "McAfee strongly recommends that you install the latest update or hotfix for
        your version of ePO.  
        o Users of ePO 5.10.0 - Update to 5.10.0 Update 4.
        o Users of ePO 5.9.1 - Apply HF1271813, or upgrade to ePO 5.10.0 Update 4.
        o Users of ePO 5.9.0 - Upgrade to ePO 5.9.1 and apply HF1271813 or upgrade to
            ePO 5.10.0 Update 4." [1]


REFERENCES

        [1] ePolicy Orchestrator update fixes a Java vulnerability
            (CVE-2019-2602) (SB10285)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10285

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----