CVE-2024-4844

Name of the Vulnerable Software and Affected Versions Trellix ePolicy Orchestrator (ePO) on Premise versions prior to 5.10 Service Pack 1 Update 2

Description A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, accessing the ePO database encryption key. This is possible due to a hard-coded password for the keystore. The vulnerability is only exploitable if the user is the system admin for the server that ePO is running on.

Recommendations For versions prior to 5.10 Service Pack 1 Update 2, update to version 5.10 Service Pack 1 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the orion.keystore file to minimize the risk of exploitation.