Skip to main content
Close
0 Results Found
              Back To Results
                Advisories

                McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability

                Advisory ID: SWRX-2009-002

                Advisory Information

                • Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
                • Advisory ID: SWRX-2009-002
                • Date published: Wednesday, November 11, 2009
                • CVE: CVE-2009-3566
                • CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
                • Date of last update: Wednesday, November 11, 2009
                • Vendors contacted: McAfee, Inc.
                • Release mode: Coordinated release
                • Discovered by: Daniel King, SecureWorks

                Summary

                McAfee Network Security Manager is vulnerable to authentication bypass via HTTP session cookie hijacking. A remote attacker could exploit this vulnerability to hijack an existing session to the Network Security Manager.

                Download the PDF

                PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

                SecureWorks CTU Public Key


                Close Modal
                Close Modal