First published: Tue Mar 26 2019(Updated: )
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Network Security Manager | >=9.1<9.1.7.75 | |
McAfee Network Security Manager | >=9.2<9.2.7.31 | |
>=9.1<9.1.7.75 | ||
>=9.2<9.2.7.31 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3597 is an authentication bypass vulnerability in McAfee Network Security Manager (NSM) versions 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) that allows unauthenticated users to gain administrator rights.
CVE-2019-3597 has a severity rating of 9.8, which is considered critical.
McAfee Network Security Manager versions 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) are affected by CVE-2019-3597.
An unauthenticated user can gain administrator rights by exploiting the incorrect handling of expired GUI sessions in McAfee Network Security Manager.
You can find more information about CVE-2019-3597 on SecurityFocus (http://www.securityfocus.com/bid/107609) and the official McAfee website (https://kc.mcafee.com/corporate/index?page=content&id=SB10275).