cbcvebase.
CVE-2017-3968
published 2018-06-13

CVE-2017-3968: Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP)…

Priority: P349 | critical | 9.1 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.50% (71.0th percentile)
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Affected

5 ranges

Vendor | Product | Version range | Fixed in
mcafee | network_data_loss_prevention | < 9.3.4.1.5 | 9.3.4.1.5
mcafee | network_data_loss_prevention | >= 9.3 < 9.3.4.1.5 Hotfix 1201697_47868 | 9.3.4.1.5 Hotfix 1201697_47868
mcafee | network_security_management | >= 8 < 8.2.7.42.2 | 8.2.7.42.2
mcafee | network_security_manager | < 8.2.7.42.2 | 8.2.7.42.2
sudo_project | sudo | >= 0 < 1.8.9p5-1ubuntu1.5+esm1 | 1.8.9p5-1ubuntu1.5+esm1

CVSS provenance

nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N
osv | 8.2 | HIGH