CVE-2019-3606 — Cleartext Storage of Sensitive Info in LLC Mcafee Network Security Manager

CWE-312 — Cleartext Storage of Sensitive Info2 documents2 sources

Severity

4.1MEDIUMNVD

EPSS

0.0%

top 92.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Network Security Manager Mcafee Network Security Manager

Timeline

PublishedMar 26

Latest updateMay 13

Description

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/network_security_manager9.1 — 9.1.7.75+1

▶CVEListV5mcafee_llc/mcafee_network_security_manager9.1 — 9.1.7.75 (91.update 4)+1

🔴Vulnerability Details

GHSA

GHSA-xcf7-vc8w-v2qg: Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9↗2022-05-13

▶