cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
User16096767
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 6

ePO Agent 5.5.1.342

Hello All,

Recent vulnerability assesment found ePO Agent 5.5.1.342 for Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32).

Any information for this vulnerability?

5 Replies
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: ePO Agent 5.5.1.342

The ciphers the agent uses are controlled by the epo server certificates.  Please refer to security bulletin SB10197

ePO:
To remediate this issue:

  • Users of ePO 5.3.2 or earlier are recommended to upgrade to ePO 5.3.3 or 5.9.1.
  • Users of ePO 5.9.0 are recommended to upgrade to ePO 5.9.1.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

User16096767
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 6

Re: ePO Agent 5.5.1.342

The vulnerability is on port 7550. The Service responding is macmnsvc.exe.

Why the agent is responding to port 7550?

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: ePO Agent 5.5.1.342

What ports are you using in your environment?  Do you have peer to peer or relay server enabled in the agent policy?  Is it a superagent?  Is the traffic inbound or outbound?  A request may come in on a certain port and a response go out on an ephemeral port or vice-versa.  If you feel there is an issue, you will need to open a ticket with McAfee - all vulnerability questions/issues go to dev to answer unless there is a fix already documented.  I would suggest first maybe capturing a wireshark capture, get data as to what exact traffic is coming in and out on that port, as well as a corresponding procmon log (Microsoft process monitor) for same time frame that captures what each process is doing, and finally a mer from the system to view agent and system data.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

User16096767
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6

Re: ePO Agent 5.5.1.342

The ports that we use in our environment are:

80

443

8081

8082

8443

8444

Peer to Peer was enable a couple of months ago, but we disabled it few days ago due to unrelated issue.

Vulnerability assement is showing from endpoints with Linux OS. We haven't seen on Windows yet.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: ePO Agent 5.5.1.342

The agent will only use those ports for outbound to server/repository or peer, and inbound from server.  I would want to see what is making a request to that service to have it respond on an ephemeral port.  That service is used for wakeups, superagent functionality and that type of behavior.  Perhaps some linux process is querying the process?  You would have to find an alternative command or app for monitoring processes in Linux but still a wireshark might be helpful.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community