Vulnerability Details : CVE-2017-3897
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
Products affected by CVE-2017-3897
- cpe:2.3:a:mcafee:livesafe:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:security_scan_plus:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3897
8.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3897
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-3897
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3897
-
http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102723
McAfee KB - McAfee Live Safe and McAfee Security Scan Plus updates fix man-in-the-middle vulnerabilities (CVE-2017-3897 and CVE-2017-3898) (TS102723)Vendor Advisory
-
http://www.securityfocus.com/bid/100100
McAfee Security Scan Plus CVE-2017-3897 Man in the Middle Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to