McAfee VirusScan Enterprise for Linux OpenSSL Information Disclosure (Heartbleed)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an information disclosure
vulnerability.

Description :

The remote host has a version of McAfee VirusScan Enterprise for Linux
(VSEL) that is affected by an information disclosure due to a flaw in
the OpenSSL library, commonly known as the Heartbleed bug. An attacker
could potentially exploit this vulnerability repeatedly to read up to
64KB of memory from the device.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10071
http://www.heartbleed.com
https://eprint.iacr.org/2014/140
https://www.openssl.org/news/vulnerabilities.html#2014-0160
https://www.openssl.org/news/secadv/20140407.txt

Solution :

Apply the relevant hotfix referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 7.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 73854 ()

Bugtraq ID: 66690

CVE ID: CVE-2014-0160

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial