CVE-2017-3965

HIGH

McAfee Network Security Manager < 8.2.7.42.2 - Cross-Site Request Forgery

Title source: llm

Description

Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10192

Scores

CVSS v3 8.8

EPSS 0.0018

EPSS Percentile 39.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

mcafee/network_security_manager < 8.2.7.42.2

Published Apr 04, 2018

Tracked Since Feb 18, 2026