Description
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file and thereby access the ePO database encryption key. This was possible because the keystore was protected with a hardcoded password. Access control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on.
References (1)
Core References
Various Sources
https://thrive.trellix.com/s/article/000013505
Scores
CVSS v3: 7.5
EPSS: 0.0023
EPSS Percentile: 14.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-798
Status: published
Products (1)
Trellix/ePolicy Orchestrator: All versions below ePO 5.10 Service Pack 1 Update 2
Published: May 16, 2024
Tracked Since: Feb 18, 2026