CVE-2019-3597 — LLC Mcafee Network Security Manager vulnerability

2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 38.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Network Security Manager Mcafee Network Security Manager

Timeline

PublishedMar 26

Latest updateMay 13

Description

Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDmcafee/network_security_manager9.1 — 9.1.7.75+1

▶CVEListV5mcafee_llc/mcafee_network_security_manager9.1 — 9.1.7.75.2+1

🔴Vulnerability Details

GHSA

GHSA-g6rf-q96g-qx69: Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9↗2022-05-13

▶