McAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by an information disclosure

Description :

The remote host has a version of McAfee Firewall Enterprise installed
that is affected by an out-of-bounds read error, known as Heartbleed,
in the TLS/DTLS implementation due to improper handling of TLS
heartbeat extension packets. A remote attacker, using crafted packets,
can trigger a buffer over-read, resulting in the disclosure of up to
64KB of process memory, which contains sensitive information such as
primary key material, secondary key material, and other protected

See also :

Solution :

Apply 8.3.2 ePatch 14 per the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.4
CVSS Temporal Score : 7.4
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 73834 ()

Bugtraq ID: 66690

CVE ID: CVE-2014-0160

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now