PT-2020-10906 · Mcafee · Mcafee Web Advisor

Published

2020-02-24

Updated

2020-02-25

CVE-2019-3670

CVSS v3.1

8.0

High

Vector

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions McAfee Web Advisor versions 8.0.34745 and earlier

Description The issue allows a remote unauthenticated attacker to execute arbitrary code via a cross-site scripting attack. This is a Remote Code Execution vulnerability in the web interface.

Recommendations For McAfee Web Advisor versions 8.0.34745 and earlier, update to a version later than 8.0.34745 to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-3670

Affected Products

Mcafee Web Advisor

PT-2020-10906 · Mcafee · Mcafee Web Advisor

CVE-2019-3670

Weakness Enumeration

Related Identifiers

Affected Products

References · 4