McAfee Firewall Reporter isValidClient Remote Code Execution
| Check Point Reference: | CPAI-2011-339 |
| Date Published: | |
| Severity: | |
| Source: | Secunia Advisory: SA44110 |
| Protection Provided by: | Security Gateway |
Who is Vulnerable?
McAfee Firewall Reporter version 5.1.0.6 and prior
Vulnerability Description
An authentication bypass vulnerability has been reported in McAfee Firewall Reporter. Remote attackers could trigger this flaw by connecting to a vulnerable McAfee web interface and sending a specially crafted malicious HTTP request. Successful exploitation of this vulnerability may allow an attacker to access restricted information or execute arbitrary code on a target system.
Update/Patch Available
Update to McAfee Firewall Reporter version 5.1.0.13.
Vulnerability Details
This is an authentication bypass vulnerability. The vulnerability is due to a design flaw in the way that McAfee Firewall Reporter validates session IDs while authenticating users. Successful exploitation of this vulnerability may allow an attacker to access restricted information or execute arbitrary code on a target system.
Protection Overview
By enabling this protection, IPS will detect and block malicious HTTP requests sent to the vulnerable server.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.