CVE-2017-3968

EPSS 0.38%
Veröffentlicht 13.06.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:26:23
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Network Data Loss Prevention Version < 9.3.4.1.5

Mcafee ≫ Network Security Manager Version < 8.2.7.42.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.597

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
trellixpsirt@trellix.com	7.5	1.7	5.3	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://kc.mcafee.com/corporate/index?page=content&id=SB10198

https://kc.mcafee.com/corporate/index?page=content&id=SB10192

https://nvd.nist.gov/vuln/detail/CVE-2017-3968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3968

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-3968