PT-2014-4674 · Mcafee · Mcafee Network Security Management
Published
2014-08-29
·
Updated
2018-12-12
·
CVE-2014-2390
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
McAfee Network Security Manager (NSM) versions prior to 6.1.15.39
McAfee Network Security Manager (NSM) versions 7.1.5.x prior to 7.1.5.15
McAfee Network Security Manager (NSM) versions 7.1.15.x prior to 7.1.15.7
McAfee Network Security Manager (NSM) versions 7.5.x prior to 7.5.5.9
McAfee Network Security Manager (NSM) versions 8.x prior to 8.1.7.3
Description
A cross-site request forgery (CSRF) issue in the User Management module allows remote attackers to hijack user authentication for requests that modify user accounts.
Recommendations
For versions prior to 6.1.15.39, update to version 6.1.15.39 or later.
For versions 7.1.5.x prior to 7.1.5.15, update to version 7.1.5.15 or later.
For versions 7.1.15.x prior to 7.1.15.7, update to version 7.1.15.7 or later.
For versions 7.5.x prior to 7.5.5.9, update to version 7.5.5.9 or later.
For versions 8.x prior to 8.1.7.3, update to version 8.1.7.3 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcafee Network Security Management