6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.4%
The version of McAfee Vulnerability Manager installed is 7.0.x prior to 7.0.11.05002, 7.5.x earlier than 7.5.4, 7.5.4 prior to 7.5.4.05007, or 7.5.5 prior to 7.5.5.05002. It is, therefore, potentially affected by multiple cross-site scripting and cross-site request forgery vulnerabilities in the Enterprise Manager component.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: when `description` is set the script only records its
# metadata and then exits, so none of the check logic below runs in that mode.
if (description)
{
  # Plugin identity and revision.
  script_id(72588);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  # Advisory references covered by this check.
  script_cve_id("CVE-2014-1472", "CVE-2014-1473");
  script_bugtraq_id(64795);
  script_xref(name:"MCAFEE-SB", value:"SB10061");

  script_name(english:"McAfee Vulnerability Manager Enterprise Manager Multiple Vulnerabilities (SB10061)");
  script_summary(english:"Checks version of McAfee Vulnerability Manager");

  # Report text. The continuation lines of each multi-line literal stay at
  # column 0 because leading whitespace would become part of the string.
  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web application installed that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of McAfee Vulnerability Manager installed is 7.0.x prior to
7.0.11.05002, 7.5.x earlier than 7.5.4, 7.5.4 prior to 7.5.4.05007, or
7.5.5 prior to 7.5.5.05002. It is, therefore, potentially affected by
multiple cross-site scripting and cross-site request forgery
vulnerabilities in the Enterprise Manager component.");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-1472.html");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-1473.html");
  script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10061");
  script_set_attribute(attribute:"solution", value:
"Upgrade to McAfee Vulnerability Manager 7.0.11.05002, 7.5.4.05007,
7.5.5.05002, 7.5.6 or later.");

  # Risk scoring: CVSS v2 base and temporal vectors, plus exploit status.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # NOTE(review): the description names cross-site scripting and cross-site
  # request forgery; this list carries 79 (XSS) but not 352 (CSRF) - confirm
  # the CWE mapping is complete.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  # Timeline of disclosure, vendor patch and plugin release.
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/19");

  # Declared as a local check against the McAfee Vulnerability Manager CPE.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:vulnerability_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  # The two required KB keys are the ones the check logic reads; they are
  # presumably written by the dependency script listed here - verify.
  script_dependencies("mcafee_vulnerability_manager_installed.nbin");
  script_require_keys("SMB/McAfee Vulnerability Manager/Path", "SMB/McAfee Vulnerability Manager EM/Version");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
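# Version-only check: the installed Enterprise Manager version and the install
# path are read from the knowledge base, and nothing below probes the web
# application itself. A finding therefore means "version is in an affected
# range" (the description says "potentially affected"), not a confirmed flaw.
version = get_kb_item_or_exit("SMB/McAfee Vulnerability Manager EM/Version");
path = get_kb_item_or_exit("SMB/McAfee Vulnerability Manager/Path");

# Map the installed build to the fixed build reported for its branch.
# Every pattern requires a dot after the third component, so a three-part
# version string (and any branch not listed here) falls through to the
# not-vulnerable audit below.
# NOTE(review): confirm the KB value always has four components; otherwise an
# affected install could be audited as not vulnerable.
if (version =~ '^7\\.0\\.([0-9]|10)\\.')
  fix = '7.0.11.05002';
else if (version =~ '^7\\.0\\.11\\.' && ver_compare(ver:version, fix:'7.0.11.05002') < 0)
  fix = '7.0.11.05002';
# NOTE(review): 7.5.0-7.5.3 is pointed at 7.5.5.05002 although the solution
# text also lists 7.5.4.05007 as a fixed release - confirm this is intended.
else if (version =~ '^7\\.5\\.[0-3]\\.')
  fix = '7.5.5.05002';
else if (version =~ '^7\\.5\\.4\\.' && ver_compare(ver:version, fix:'7.5.4.05007') < 0)
  fix = '7.5.4.05007';
else if (version =~ '^7\\.5\\.5\\.' && ver_compare(ver:version, fix:'7.5.5.05002') < 0)
  fix = '7.5.5.05002';
else
  # audit() is expected to end the script here; `fix` is unset on this path.
  audit(AUDIT_INST_PATH_NOT_VULN, 'McAfee Vulnerability Manager Enterprise Manager', version, path);

# Record the XSS and XSRF findings in the knowledge base under port 0.
set_kb_item(name:"www/0/XSS", value:TRUE);
set_kb_item(name:"www/0/XSRF", value:TRUE);

# Report on the SMB transport port, falling back to 445 when none is recorded.
port = get_kb_item("SMB/transport");
if (!port) port = 445;

if (report_verbosity > 0)
{
  # Assign rather than append: `report` has no earlier value in this script.
  report =
    '\n Path : ' + path +
    '\n Installed version : ' + version +
    '\n Fixed version : ' + fix + '\n';
  security_warning(port:port, extra:report);
}
else security_warning(port);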
Vendor | Product | Version | CPE |
---|---|---|---|
mcafee | vulnerability_manager | | cpe:/a:mcafee:vulnerability_manager |