McAfee Web Gateway Information Disclosure (SB10080)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an information disclosure
vulnerability.

Description :

The remote host is running a version of McAfee Web Gateway (MWG) that
is affected by an information disclosure vulnerability. There is an
unspecified flaw in the admin interface that is triggered when viewing
the top level 'Accounts' tab. This flaw allows a remote, authenticated
attacker to gain access to hashed password information.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10080

Solution :

Apply the relevant patch per the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 77558 ()

Bugtraq ID: 69556

CVE ID: CVE-2014-6064

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now