Detections
Analytics
McAfee Cloud Single Sign On < 4.0.1 Information Disclosure (SB10066) (Windows)
medium Nessus Plugin ID 73187
Language:
Synopsis
The remote host is affected by an information disclosure vulnerability.Description
A version of McAfee Cloud Single Sign On (MCSSO) prior to 4.0.1 is installed on the remote host. It is, therefore, affected by an information disclosure vulnerability due to a failure to sanitize user-supplied input, resulting in potential directory traversal. An attacker could potentially exploit this vulnerability to download arbitrary files, including one containing a hash of the product administrator's password.Solution
Upgrade to version 4.0.1 or later.See Also
https://www.zerodayinitiative.com/advisories/ZDI-14-050/
https://kc.mcafee.com/corporate/index?page=content&id=SB10066
Plugin Details
Severity: Medium
ID: 73187
File Name: mcafee_csso_SB10066_windows.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows
Published: 3/25/2014
Updated: 11/26/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.3
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2014-2536
Vulnerability Information
CPE: cpe:/a:mcafee:cloud_single_sign_on
Required KB Items: SMB/mcafee_csso/Path, SMB/mcafee_csso/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 11/11/2013
Vulnerability Publication Date: 3/7/2014
Reference Information
CVE: CVE-2014-2536
BID: 66181
MCAFEE-SB: SB10066