Detections
Analytics

CylancePROTECT 2.0.x < 2.0.1480 SSL Validation (Cy2008-002)

medium Nessus Plugin ID 109596

Language:

Synopsis

The version of CylancePROTECT installed on the remote host is affected by an SSL validation vulnerability.

Description

The version of CylancePROTECT installed on the remote host is a version 2.0.x prior to 2.0.1480. It is, therefore, affected by an SSL validation flaw that can allow an attacker to cause an arbitrary file download.

Solution

Upgrade to CylancePROTECT version 2.0.1480 or later.

See Also

http://www.nessus.org/u?d26ea478

Plugin Details

Severity: Medium

ID: 109596

File Name: cylance_protect_cy2018-002.nasl

Version: 1.1

Type: remote

Agent: windows

Family: Windows

Published: 5/7/2018

Updated: 5/7/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/a:cylance:cylanceprotect

Required KB Items: SMB/Registry/Enumerated, installed_sw/CylancePROTECT

Patch Publication Date: 5/3/2018

Vulnerability Publication Date: 5/3/2018

Reference Information