CVE-2014-2390 — Cross-Site Request Forgery in Network Security Manager

CWE-352 — Cross-Site Request Forgery2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 71.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Security Manager

Timeline

PublishedAug 29

Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmcafee/network_security_manager6.1.15 — 6.1.15.39+4

🔴Vulnerability Details

GHSA

GHSA-grh6-4r7m-jg4c: Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6↗2022-05-14

▶