Detections
Analytics

McAfee SmartFilter Administration < 4.2.1.01 Unauthenticated Access to JBOSS RMI (SB10029)

critical Nessus Plugin ID 69916

Language:

Synopsis

The remote host has a web application installed that is affected by a code execution vulnerability.

Description

The version of McAfee SmartFilter Administration installed on the remote Windows host is earlier than 4.2.1.01. It is, therefore, potentially affected by a code execution vulnerability. The Remote Method Invocation service can be used without authentication to deploy a malicious .war file. By exploiting this flaw, a remote, unauthenticated attacker could execute arbitrary code subject to the privileges of the user running the affected application.

Solution

Upgrade to McAfee SmartFilter Administration 4.2.1.01 or later.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=SB10029

https://www.zerodayinitiative.com/advisories/ZDI-12-140/

Plugin Details

Severity: Critical

ID: 69916

File Name: mcafee_smartfilter_administration_remote_code_execution.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 9/16/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mcafee:smartfilter_administration

Required KB Items: SMB/McAfee SmartFilter Administration/Version, SMB/McAfee SmartFilter Administration/Path

Exploit Ease: No known exploits are available

Patch Publication Date: 8/17/2012

Vulnerability Publication Date: 5/25/2012

Reference Information

CVE: CVE-2012-4599

BID: 55088

IAVA: 2012-A-0140

MCAFEE-SB: SB10029