Lucene search

TrellixCVELIST:CVE-2017-3968

HistoryJun 13, 2018 - 8:00 p.m.

CVE-2017-3968 McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability

2018-06-1320:00:00

trellix

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

CNA Affected

[
  {
    "platforms": [
      "x86"
    ],
    "product": "Network Security Management (NSM)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "8.2.7.42.2",
        "status": "affected",
        "version": "8",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "x86"
    ],
    "product": "Network Data Loss Prevention (NDLP)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "9.3.4.1.5 Hotfix 1201697_47868",
        "status": "affected",
        "version": "9.3",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10192

kc.mcafee.com/corporate/index?page=content&id=SB10198

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVELIST:CVE-2017-3968