McAfee Cloud Single Sign On < 4.0.1 Information Disclosure (SB10066) (Windows)

Medium Nessus Plugin ID 73187


The remote host is affected by an information disclosure vulnerability.


A version of McAfee Cloud Single Sign On (MCSSO) prior to 4.0.1 is installed on the remote host. It is, therefore, affected by an information disclosure vulnerability due to a failure to sanitize user-supplied input, resulting in potential directory traversal. An attacker could potentially exploit this vulnerability to download arbitrary files, including one containing a hash of the product administrator's password.


Upgrade to version 4.0.1 or later.

See Also

Plugin Details

Severity: Medium

ID: 73187

File Name: mcafee_csso_SB10066_windows.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2014/03/25

Modified: 2016/12/19

Dependencies: 73183

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:cloud_single_sign_on

Required KB Items: SMB/mcafee_csso/Path, SMB/mcafee_csso/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/11/11

Vulnerability Publication Date: 2014/03/07

Reference Information

CVE: CVE-2014-2536

BID: 66181

OSVDB: 104113