Advisory ID: SWRX-2009-002
Advisory Information
- Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
- Advisory ID: SWRX-2009-002
- Date published: Wednesday, November 11, 2009
- CVE: CVE-2009-3566
- CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
- Date of last update: Wednesday, November 11, 2009
- Vendors contacted: McAfee, Inc.
- Release mode: Coordinated release
- Discovered by: Daniel King, SecureWorks
Summary
McAfee Network Security Manager is vulnerable to authentication bypass via HTTP session cookie hijacking. A remote attacker could exploit this vulnerability to hijack an existing session to the Network Security Manager.