CVE-2017-3968

EUVD-2017-13085
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
trellixCNA
7.5 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
mcafeenetwork_data_loss_prevention
𝑥
< 9.3.4.1.5
mcafeenetwork_security_manager
𝑥
< 8.2.7.42.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10192
https://kc.mcafee.com/corporate/index?page=content&id=SB10198
https://kc.mcafee.com/corporate/index?page=content&id=SB10192
https://kc.mcafee.com/corporate/index?page=content&id=SB10198