Detections
Analytics

CylancePROTECT 2.0.x < 2.0.1480 SSL Validation (Cy2008-002) (macOS)

medium Nessus Plugin ID 109597

Language:

Synopsis

An application installed on the remote MacOS / MacOSX host is affected by an SSL validation vulnerability.

Description

The version of CylancePROTECT installed on the remote MacOS/MacOSX host is 2.0.x prior to 2.0.1480. It is, therefore, affected by an SSL validation flaw that can allow an attacker to cause an arbitrary file download.

Solution

Upgrade to CylancePROTECT version 2.0.1480 or later.

See Also

http://www.nessus.org/u?d26ea478

Plugin Details

Severity: Medium

ID: 109597

File Name: macosx_cylance_protect_cy2018-002.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 5/7/2018

Updated: 5/7/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/a:cylance:cylanceprotect

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/CylancePROTECT

Patch Publication Date: 5/3/2018

Vulnerability Publication Date: 5/3/2018

Reference Information