CVE-2017-3966

MEDIUM

McAfee Network Security Manager < 8.2.7.42.2 - Session Fixation via Exposed Session Token

Title source: llm

Description

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10192

Scores

CVSS v3 6.4

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H

Details

CWE

CWE-613

Status published

Products (1)

mcafee/network_security_manager < 8.2.7.42.2

Published Apr 04, 2018

Tracked Since Feb 18, 2026