Advisories

McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability

Wednesday, November 11, 2009

Advisory ID: SWRX-2009-002

Advisory Information

Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory ID: SWRX-2009-002
Date published: Wednesday, November 11, 2009
CVE: CVE-2009-3566
CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Date of last update: Wednesday, November 11, 2009
Vendors contacted: McAfee, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

Summary

McAfee Network Security Manager is vulnerable to authentication bypass via HTTP session cookie hijacking. A remote attacker could exploit this vulnerability to hijack an existing session to the Network Security Manager.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key

Introducing Red Cloak™ Threat Detection & Response Webcast

BY INDUSTRY

2019 Gartner Magic Quadrant for Managed Security Services, Worldwide

Digital Transformation Executive Report

Has Poor Cyber Hygiene Reached Crisis Point?

Hiring superstars

McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability

Advisory ID: SWRX-2009-002

Advisory Information

Summary

Related Content

State of the [BRONZE] UNION Snapshot

A Peek into BRONZE UNION’s Toolbox

Vulnerability in ShoreTel Conferencing Platform