CVE-2012-4587

low

Trellix

CVSS v3 Base Score

3.5

AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS Score

0.2%

Exploitation probability in 30 days

Top 61% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

None

Availability

None

Published: August 22, 2012 (5013 days ago)

Last Modified: April 29, 2026

Vendor: Trellix

Source: NVD

Description

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.

CWE

CWE-264

Affected Products

mcafee enterprise mobility managermcafee enterprise mobility manager agent

References

🔗 exchange.xforce.ibmcloud.com 🔗 kc.mcafee.com 🔗 exchange.xforce.ibmcloud.com 🔗 kc.mcafee.com

CVE-2012-4587

Vulnerability Report

Description

CWE

Affected Products

References