CVE-2017-3968 HIGH

CVE-2017-3968: McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability

Vendor Mcafee
Product Network Security Management (NSM)
Published June 13, 2018
Last update August 5, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Key dates

02Disclosure timeline

June 13, 2018 CVE published
August 5, 2024 Record updated