CVE-2017-3897

EPSS 11.7%

Vexday Risk Score

28Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 11.7%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

30 Jul 2017Public PoC

01 Sep 2017Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.

Affected products

McAfee · Live Safe McAfee · Security Scan Plus

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/44067unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102723 http://www.securityfocus.com/bid/100100