Detections
Analytics
McAfee MacOSX DLPe Agent 11.3.x < 11.3.31 / 11.4.x < 11.4.200 / 11.5.x < 11.5.2 Multiple Vulnerabilities (SB10326)
medium Nessus Plugin ID 139732
Language:
Synopsis
The remote host is affected by multiple vulnerabilities.Description
The version of the McAfee Data Loss Prevention Endpoint (DLPe) Agent installed on the remote MacOSX host is 11.3.x prior to 11.3.31, 11.4.x prior to 11.4.200, or 11.5.x prior to 11.5.2. It is, therefore, affected by multiple vulnerabilities:- Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text credentials. (CVE-2020-7306)
- Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. (CVE-2020-7307)
Solution
Upgrade to McAfee DLPe 11.3.31 or 11.4.200 or 11.5.2 or later.See Also
https://kc.mcafee.com/corporate/index?page=content&id=SB10326
Plugin Details
Severity: Medium
ID: 139732
File Name: mcafee_dlpe_SB10326.nasl
Version: 1.3
Type: local
Family: Misc.
Published: 8/21/2020
Updated: 9/21/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2020-7307
CVSS v3
Risk Factor: Medium
Base Score: 5.2
Temporal Score: 4.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mcafee:data_loss_prevention_endpoint
Required KB Items: Host/MacOSX/Version, installed_sw/McAfee DLPe Agent
Exploit Ease: No known exploits are available
Patch Publication Date: 8/11/2020
Vulnerability Publication Date: 8/11/2020
Reference Information
CVE: CVE-2020-7306, CVE-2020-7307
IAVA: 2020-A-0378-S
MCAFEE-SB: SB10326