Vulnerabilities > CVE-2017-3966 - Insufficient Session Expiration vulnerability in Mcafee Network Security Manager

CVSS 6.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

mcafee

CWE-613

NVD

Published: 2018-04-04

Updated: 2023-11-07

Summary

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Network Security Manager 6.1.15 Mcafee Network Security Manager 6.1.15.38 Mcafee Network Security Manager 6.1.15.39 Mcafee Network Security Manager 7.1.5 Mcafee Network Security Manager 7.1.5.14 Mcafee Network Security Manager 7.1.5.15 Mcafee Network Security Manager 7.1.15 Mcafee Network Security Manager 7.1.15.6 Mcafee Network Security Manager 7.1.15.7 Mcafee Network Security Manager 7.5.5 Mcafee Network Security Manager 7.5.5.8 Mcafee Network Security Manager 7.5.5.9 Mcafee Network Security Manager 8.1.7 Mcafee Network Security Manager 8.1.7.2 Mcafee Network Security Manager 8.1.7.3	15

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10192