Session fixation

2019-05-1516:29:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.

CPENameOperatorVersion
endpoint_securityge10.0.0
endpoint_securityle10.6.1
endpoint_securityeq10.6.1 201905

Name	Operator	Version
endpoint_security	ge	10.0.0
endpoint_security	le	10.6.1
endpoint_security	eq	10.6.1 201905

References

www.securityfocus.com/bid/108416

kc.mcafee.com/corporate/index?page=content&id=SB10280