McAfee Next Generation Firewall OpenSSL Information Disclosure (Heartbleed)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an information disclosure
vulnerability.

Description :

The remote host is running a version of McAfee Next Generation
Firewall (NGFW) that is affected by an information disclosure
vulnerability due to a flaw in the OpenSSL library, commonly known as
the Heartbleed bug. An attacker could potentially exploit this
vulnerability repeatedly to read up to 64KB of memory from the device.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10071

Solution :

Apply the relevant hotfix referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 8.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 73835 ()

Bugtraq ID: 66690

CVE ID: CVE-2014-0160