CVE-2017-3968

EPSS 0.54%
Published 13.06.2018 20:29:00
Last modified 21.11.2024 03:26:23
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Network Data Loss Prevention Version < 9.3.4.1.5

Mcafee ≫ Network Security Manager Version < 8.2.7.42.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.54%	0.649

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
trellixpsirt@trellix.com	7.5	1.7	5.3	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://kc.mcafee.com/corporate/index?page=content&id=SB10198

https://kc.mcafee.com/corporate/index?page=content&id=SB10192

https://nvd.nist.gov/vuln/detail/CVE-2017-3968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3968

EUVD