===========================================================================
AUSCERT Security Bulletin

ASB-2019.0176
ePolicy Orchestrator update fixes a Java vulnerability (CVE-2019-2602) (SB10285)
5 July 2019
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              McAfee ePolicy Orchestrator
Operating System:     Windows
                      Virtualisation
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-2602
Member content until: Sunday, August 4 2019
Reference:            ASB-2019.0118
                      ESB-2019.2400
                      ESB-2019.2391
                      ESB-2019.2372

OVERVIEW

McAfee has released updates for ePolicy Orchestrator that fix a Java
vulnerability. [1]

IMPACT

McAfee has provided the following information regarding the vulnerability
and impact:

"Vulnerability Description
CVE-2019-2602: Easily exploitable vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise Java SE.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of Java SE." [1]

MITIGATION

"McAfee strongly recommends that you install the latest update or hotfix for
your version of ePO.

  o Users of ePO 5.10.0 - Update to 5.10.0 Update 4.
  o Users of ePO 5.9.1 - Apply HF1271813, or upgrade to ePO 5.10.0 Update 4.
  o Users of ePO 5.9.0 - Upgrade to ePO 5.9.1 and apply HF1271813 or upgrade
    to ePO 5.10.0 Update 4." [1]

REFERENCES

[1] ePolicy Orchestrator update fixes a Java vulnerability (CVE-2019-2602)
    (SB10285)
    https://kc.mcafee.com/corporate/index?page=content&id=SB10285

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours, which are
GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================