Unrated severityNVD Advisory· Published Jun 13, 2018· Updated Aug 5, 2024

McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability

CVE-2017-3968

Description

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Affected products

McAfee/Network Data Loss Preventionllm-fuzzy2 versions
<9.3.4.1.5+ 1 more
- (no CPE)range: <9.3.4.1.5
- (no CPE)range: 9.3
McAfee/Intrushield Security Management Systemllm-fuzzy2 versions
<8.2.7.42.2+ 1 more
- (no CPE)range: <8.2.7.42.2
- (no CPE)range: 8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kc.mcafee.com/corporate/indexmitrex_refsource_CONFIRM
kc.mcafee.com/corporate/indexmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000