CVE-2017-3968

EPSS 0.54%
Veröffentlicht 13.06.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:26:23
Quelle trellixpsirt@trellix.com
Teams Watchlist Login
Unerledigt Login

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Network Data Loss Prevention Version < 9.3.4.1.5

Mcafee ≫ Network Security Manager Version < 8.2.7.42.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.649

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
trellixpsirt@trellix.com	7.5	1.7	5.3	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://kc.mcafee.com/corporate/index?page=content&id=SB10198

https://kc.mcafee.com/corporate/index?page=content&id=SB10192

https://nvd.nist.gov/vuln/detail/CVE-2017-3968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3968

EUVD