McAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by an information disclosure

Description :

The remote host has a version of McAfee Firewall Enterprise installed
that is affected by an out-of-bounds read error, known as Heartbleed,
in the TLS/DTLS implementation due to improper handling of TLS
heartbeat extension packets. A remote attacker, using crafted packets,
can trigger a buffer over-read, resulting in the disclosure of up to
64KB of process memory, which contains sensitive information such as
primary key material, secondary key material, and other protected

See also :

Solution :

Apply 8.3.2 ePatch 14 per the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.4
CVSS Temporal Score : 7.4
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 73834 ()

Bugtraq ID: 66690

CVE ID: CVE-2014-0160

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial