0 Results Found
            Back To Results
              Advisory

              McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability

              Advisory ID: SWRX-2009-002


              Advisory Information
              • Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
              • Advisory ID: SWRX-2009-002
              • Date published: Wednesday, November 11, 2009 
              • CVE: CVE-2009-3566 
              • CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:P/I:N/A:N) 
              • Date of last update: Wednesday, November 11, 2009 
              • Vendors contacted: McAfee, Inc. 
              • Release mode: Coordinated release 
              • Discovered by: Daniel King, SecureWorks

              Summary
              McAfee Network Security Manager is vulnerable to authentication bypass via HTTP session cookie hijacking. A remote attacker could exploit this vulnerability to hijack an existing session to the Network Security Manager.

              Download the PDF

              PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

              SecureWorks CTU Public Key

              Related Content