CVE-2017-3965

SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability

CVSS 8.8 HIGHEPSS 0.5%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Apr 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

McAfee · Network Security Management (NSM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10192