McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability
CVE-2017-3968

7.5HIGH

Key Information:

Vendor: Mcafee
Status: Network Security Management (nsm); Network Data Loss Prevention (ndlp)
Vendor: CVE Published:; 13 June 2018

Summary

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Affected Version(s)

Network Data Loss Prevention (NDLP) x86 9.3 < 9.3.4.1.5 Hotfix 1201697_47868

Network Security Management (NSM) x86 8 < 8.2.7.42.2

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 13, 2018
Vulnerability Reserved
Dec 26, 2016