CVE-2022-0858: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in McAfee,LLC McAfee ePolicy Orchestrator (ePO)

Medium
Published: Wed Mar 23 2022 (03/23/2022, 14:20:19 UTC)
Source: CVE
Vendor/Project: McAfee,LLC
Product: McAfee ePolicy Orchestrator (ePO)

Description

A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the administrator to click on a carefully crafted link. This would lead to a limited ability to alter some information in ePO, due to the area of the user interface in which the vulnerability is present.

AI-Powered Analysis

Last updated: 06/23/2025, 12:19:58 UTC

Technical Analysis

CVE-2022-0858 is a cross-site scripting (XSS) vulnerability identified in McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), allowing an attacker to inject script into the ePO web interface. Exploitation requires the attacker to craft a malicious link and convince an ePO administrator to click it. Upon successful exploitation, the attacker can hijack the administrator's session, gaining a limited ability to alter information within the ePO interface. The vulnerability is constrained to specific UI areas, which limits the scope of potential modifications. No authentication bypass or privilege escalation beyond the administrator's existing permissions is indicated. There are no known exploits in the wild, and no official patch links are provided in the data, though the vulnerability is fixed in version 5.10 Update 13. The attack vector is remote and relies on social engineering to induce the administrator to interact with the malicious payload. The vulnerability affects the confidentiality and integrity of the ePO management console by exposing session tokens and enabling unauthorized changes within the system's UI.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to the security management infrastructure. McAfee ePO is widely used in enterprise environments for centralized security management, including endpoint protection and policy enforcement. Successful exploitation could lead to unauthorized access to the ePO administrator session, potentially allowing attackers to alter security policies, disable protections, or manipulate logs, thereby undermining the organization's security posture. This could facilitate further attacks, data breaches, or compliance violations, especially in regulated sectors such as finance, healthcare, and critical infrastructure. The impact is heightened in organizations with high reliance on McAfee ePO for security orchestration. However, the limited scope of UI areas affected and the need for user interaction reduce the likelihood of widespread compromise. Nonetheless, given the strategic importance of ePO in managing security controls, even limited unauthorized changes can have cascading effects on organizational security.

Mitigation Recommendations

Organizations should prioritize upgrading McAfee ePO to version 5.10 Update 13 or later, where this vulnerability is addressed. In the absence of immediate patching, implement strict access controls to limit ePO administrator access to trusted personnel only. Employ network segmentation to restrict ePO management console access to secure internal networks or VPNs, minimizing exposure to external threats. Educate administrators about phishing and social engineering risks to reduce the chance of clicking malicious links. Enable multi-factor authentication (MFA) for ePO administrator accounts to mitigate session hijacking risks. Monitor ePO logs for unusual administrative activities or session anomalies that could indicate exploitation attempts. Additionally, consider deploying web application firewalls (WAFs) with rules to detect and block XSS payloads targeting the ePO interface. Regularly review and audit ePO configurations and policies to detect unauthorized changes promptly.

Technical Details

Data Version
5.1
Assigner Short Name
trellix
Date Reserved
2022-03-04T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9842c4522896dcbf2ae4

Added to database: 5/21/2025, 9:09:22 AM

Last enriched: 6/23/2025, 12:19:58 PM

Last updated: 8/13/2025, 7:08:57 PM
