CVE-2017-3971 — Inadequate Encryption Strength in Network Security Management

CWE-326 — Inadequate Encryption Strength2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 79.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Security Management Mcafee Network Security Manager

Timeline

PublishedApr 4

Latest updateMay 13

Description

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mcafee/network_security_management8.2 — 8.2.7.42.2

▶NVDmcafee/network_security_manager< 8.2.7.42.2

🔴Vulnerability Details

GHSA

GHSA-cr6f-25f8-7583: Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8↗2022-05-13

▶