CVE-2014-2390
Published Aug 29, 2014
Last updated 6 years ago
Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- Per: https://kc.mcafee.com/corporate/index?page=content&id=SB10081 "Affected Versions: 8.1.7.2 and earlier 7.5.5.8 and earlier 7.1.15.6 and earlier 7.1.5.14 and earlier 6.1.15.38 and earlier"
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BC6A8AB-F3C6-4A64-8637-E40FFE878B5E",
"versionEndExcluding": "6.1.15.39",
"versionStartIncluding": "6.1.15"
},
{
"criteria": "cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5F9C05B-0DC3-4F41-81B1-F50C3453E9FE",
"versionEndExcluding": "7.1.5.15",
"versionStartIncluding": "7.1.5"
},
{
"criteria": "cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F7BBA25-C041-45B9-9901-2D9D9D3C5F44",
"versionEndExcluding": "7.1.15.7",
"versionStartIncluding": "7.1.15"
},
{
"criteria": "cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D26EC45-C91A-48D9-9281-B377F2419326",
"versionEndExcluding": "7.5.5.9",
"versionStartIncluding": "7.5.5"
},
{
"criteria": "cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AAC71CC-470E-43D0-8F08-8E24CDC684C7",
"versionEndExcluding": "8.1.7.3",
"versionStartIncluding": "8.1.7"
}
],
"operator": "OR"
}
]
}
]