6.5
CVE-2017-3966
- EPSS 0.22%
- Veröffentlicht 04.04.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:26:23
- Quelle trellixpsirt@trellix.com
- Teams Watchlist Login
- Unerledigt Login
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcafee ≫ Network Security Manager Version < 8.2.7.42.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.417 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 2.8 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| trellixpsirt@trellix.com | 6.4 | 0.9 | 5.5 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."