The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of McAfee ISM

Computer vulnerability announcement CVE-2009-3566

McAfee NSM: stealing authentication cookie

Synthesis of the vulnerability

An attacker who can exploit a Cross Site Scripting can steal the authentication cookie of McAfee Network Security Manager.
Impacted products: McAfee ISM, McAfee NSM.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 12/11/2009.
Identifiers: BID-37004, CVE-2009-3566, SB10005, SWRX-2009-002, VIGILANCE-VUL-9197.

Description of the vulnerability

The HTTP Set-Cookie header defines a cookie. This header can also carry the HTTPOnly attribute:
  Set-Cookie: v=abc; HTTPOnly
This attribute indicates that the cookie cannot be accessed from JavaScript. It has been supported since IE 6 SP1, Mozilla Firefox 3.0.0.6 and Opera 9.23, in order to protect a website against cookie theft via Cross Site Scripting.

However, McAfee NSM does not use HTTPOnly. When NSM is affected by a Cross Site Scripting (such as VIGILANCE-VUL-9196), an attacker can therefore steal the authentication cookie, and then spoof the identity of the administrator.

An attacker who can exploit a Cross Site Scripting can therefore steal the authentication cookie of McAfee Network Security Manager.
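
As an added example (not part of the original bulletin and not McAfee's code), the following Python code audits the Set-Cookie headers of an HTTP response for the HTTPOnly attribute described above and shows the corrected header form. The cookie names and the sample response are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# SAMPLE_RESPONSE is constructed sample data, not captured from a real NSM server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=4F2A9C; Path=/intruvert\r\n"   # no HttpOnly: readable by script
    "Set-Cookie: lang=en; Path=/; httponly\r\n"          # attribute names are case-insensitive
    "Set-Cookie: note=\"HttpOnly\"; Path=/\r\n"          # the word appears only in the value
    "\r\n"
    "<html></html>"
)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only the segments after the first ';' are attributes; drop any '=value' part.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def set_cookie_values(raw_response):
    """Yield every Set-Cookie value found in the header section of a raw response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            yield value.strip()


def cookies_missing_httponly(raw_response):
    """Return the names of cookies that JavaScript (document.cookie) could read."""
    missing = []
    for value in set_cookie_values(raw_response):
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


def add_httponly(value):
    """Return the Set-Cookie value with HttpOnly appended when it is absent."""
    _, attrs = parse_set_cookie(value)
    return value if "httponly" in attrs else value.rstrip("; ") + "; HttpOnly"


if __name__ == "__main__":
    print(cookies_missing_httponly(SAMPLE_RESPONSE))
```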

Computer vulnerability alert CVE-2009-3565

McAfee NSM: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in the Login.jsp page of McAfee Network Security Manager, in order to execute JavaScript code on the administrator's computer.
Impacted products: McAfee ISM, McAfee NSM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/11/2009.
Identifiers: BID-37003, CERTA-2009-AVI-497, CVE-2009-3565, SB10004, SWRX-2009-001, VIGILANCE-VUL-9196.

Description of the vulnerability

Access to McAfee Network Security Manager requires authentication:
  https://server/intruvert/jsp/module/Login.jsp?password=...&node=...&iaction=...

However, NSM does not filter the "node" and "iaction" parameters before displaying them back in the page.

An attacker can therefore generate a Cross Site Scripting in the Login.jsp page of McAfee Network Security Manager, in order to execute JavaScript code on the administrator's computer.