McAfee Firewall Reporter Remote Authentication Bypass Vulnerability

Last Update Date: 13 Apr 2011 15:51 Release Date: 13 Apr 2011 5190 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in McAfee Firewall Reporter, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a design error within the "GernalUtilities.pm" script that checks for the existence of a particular file without verifying its contents while authenticating users, which could allow an attacker to bypass authentication and gain unauthorized access to the application by pointing the "cgisess" cookie value to an arbitrary file that exists on the server.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • McAfee Firewall Reporter versions prior to 5.1.0.13

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Novell ZENworks Configuration Management File Overwrite Vulnerability

12 Apr 2011 5302 Views

Next

Microsoft Internet Explorer Multiple Vulnerabilities

13 Apr 2011 5118 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY