CVE-2017-3968 — Session Fixation in Network Data Loss Prevention

CWE-384 — Session Fixation3 documents3 sources

Severity

9.1CRITICALNVD

OSV8.2

EPSS

0.4%

top 40.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Data Loss Prevention Mcafee Network Security Management Mcafee Network Security Manager +1 more

Timeline

PublishedJun 13

Latest updateMay 13

Description

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages5 packages

▶CVEListV5mcafee/network_data_loss_prevention9.3 — 9.3.4.1.5 Hotfix 1201697_47868

▶NVDmcafee/network_data_loss_prevention< 9.3.4.1.5

▶NVDmcafee/network_security_manager< 8.2.7.42.2

▶CVEListV5mcafee/network_security_management8 — 8.2.7.42.2

▶Ubuntusudo_project/sudo< 1.8.9p5-1ubuntu1.5+esm1

🔴Vulnerability Details

GHSA

GHSA-wp6v-87jv-h5gr: Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8↗2022-05-13

▶

OSV

sudo vulnerability↗2019-05-29

▶