Sign-up

ID

VAR-201208-0645


CVE

CVE-2011-5100


TITLE

McAfee Firewall Reporter of Web Interface access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-003813

DESCRIPTION

The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for authenticating users. The GernalUtilities.pm file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication. This issue may allow websites to bypass certain security restrictions and gain access to potentially sensitive information. This issue was introduced in McAfee Firewall Reporter 5.1.0.6. ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-117 April 11, 2011 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: McAfee -- Affected Products: McAfee Firewall Reporter -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10522. -- Vendor Response: McAfee states: Fixed February 9, 2011 Bulletin modified April 11, 2011: https://kc.mcafee.com/corporate/index?page=content&id=SB10015 -- Disclosure Timeline: 2010-09-22 - Vulnerability reported to vendor 2011-04-11 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Andrea Micalizzi aka rgod -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: McAfee Firewall Reporter Web Interface Security Bypass Vulnerability SECUNIA ADVISORY ID: SA44110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44110 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in McAfee Firewall Reporter, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is reported in version 5.1.0.6. SOLUTION: Update to version 5.1.0.13. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod) via ZDI ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10015 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-117/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2011-5100 // JVNDB: JVNDB-2012-003813 // ZDI: ZDI-11-117 // BID: 47306 // VULHUB: VHN-53045 // PACKETSTORM: 100290 // PACKETSTORM: 100393

AFFECTED PRODUCTS

vendor:mcafeemodel:firewall reporterscope:lteversion:5.1.0.6

Trust: 1.0

vendor:mcafeemodel:firewall reporterscope:eqversion:5.1.0.6

Trust: 0.9

vendor:mcafeemodel:firewall reporterscope:ltversion:5.1.0.13

Trust: 0.8

vendor:mcafeemodel:firewall reporterscope: - version: -

Trust: 0.7

vendor:mcafeemodel:firewall reporterscope:neversion:5.1.0.13

Trust: 0.3

sources: ZDI: ZDI-11-117 // BID: 47306 // JVNDB: JVNDB-2012-003813 // CNNVD: CNNVD-201208-397 // NVD: CVE-2011-5100

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5100
value: HIGH

Trust: 1.0

NVD: CVE-2011-5100
value: HIGH

Trust: 0.8

ZDI: ZDI-11-117
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201208-397
value: HIGH

Trust: 0.6

VULHUB: VHN-53045
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-5100
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: ZDI-11-117
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-53045
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-11-117 // VULHUB: VHN-53045 // JVNDB: JVNDB-2012-003813 // CNNVD: CNNVD-201208-397 // NVD: CVE-2011-5100

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-53045 // JVNDB: JVNDB-2012-003813 // NVD: CVE-2011-5100

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 100290 // CNNVD: CNNVD-201208-397

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201208-397

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003813

PATCH
title:SB10015url:https://kc.mcafee.com/corporate/index?page=content&id=SB10015
Trust: 1.5
sources:
            
            
            ZDI: ZDI-11-117 // 
            
            
            
            JVNDB: JVNDB-2012-003813

EXTERNAL IDS
db:NVDid:CVE-2011-5100
Trust: 2.8
db:MCAFEEid:SB10015
Trust: 2.2
db:ZDIid:ZDI-11-117
Trust: 0.9
db:JVNDBid:JVNDB-2012-003813
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-938
Trust: 0.7
db:CNNVDid:CNNVD-201208-397
Trust: 0.7
db:BIDid:47306
Trust: 0.4
db:SECUNIAid:44110
Trust: 0.3
db:VULHUBid:VHN-53045
Trust: 0.1
db:PACKETSTORMid:100290
Trust: 0.1
db:PACKETSTORMid:100393
Trust: 0.1
sources:
            
            
            ZDI: ZDI-11-117 // 
            
            
            
            VULHUB: VHN-53045 // 
            
            
            
            BID: 47306 // 
            
            
            
            JVNDB: JVNDB-2012-003813 // 
            
            
            
            PACKETSTORM: 100290 // 
            
            
            
            PACKETSTORM: 100393 // 
            
            
            
            CNNVD: CNNVD-201208-397 // 
            
            
            
            NVD: CVE-2011-5100

REFERENCES
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10015
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5100
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5100
Trust: 0.8
url:http://www.mcafee.com/
Trust: 0.3
url:/archive/1/517487
Trust: 0.3
url:/archive/1/517421
Trust: 0.3
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10015
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.1
url:http://twitter.com/thezdi
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-11-117
Trust: 0.1
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-11-117/
Trust: 0.1
url:http://secunia.com/advisories/44110/
Trust: 0.1
url:http://secunia.com/advisories/44110/#comments
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44110
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/resources/factsheets/2011_vendor/
Trust: 0.1
sources:
            
            
            ZDI: ZDI-11-117 // 
            
            
            
            VULHUB: VHN-53045 // 
            
            
            
            BID: 47306 // 
            
            
            
            JVNDB: JVNDB-2012-003813 // 
            
            
            
            PACKETSTORM: 100290 // 
            
            
            
            PACKETSTORM: 100393 // 
            
            
            
            CNNVD: CNNVD-201208-397 // 
            
            
            
            NVD: CVE-2011-5100

CREDITS
Andrea Micalizzi aka rgod
Trust: 0.7
sources:
            
            
            ZDI: ZDI-11-117

SOURCES
db:ZDIid:ZDI-11-117
db:VULHUBid:VHN-53045
db:BIDid:47306
db:JVNDBid:JVNDB-2012-003813
db:PACKETSTORMid:100290
db:PACKETSTORMid:100393
db:CNNVDid:CNNVD-201208-397
db:NVDid:CVE-2011-5100

LAST UPDATE DATE
2025-04-11T23:03:06.099000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-11-117date:2011-04-11T00:00:00
db:VULHUBid:VHN-53045date:2012-08-22T00:00:00
db:BIDid:47306date:2012-08-23T18:20:00
db:JVNDBid:JVNDB-2012-003813date:2012-08-23T00:00:00
db:CNNVDid:CNNVD-201208-397date:2012-08-23T00:00:00
db:NVDid:CVE-2011-5100date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:ZDIid:ZDI-11-117date:2011-04-11T00:00:00
db:VULHUBid:VHN-53045date:2012-08-22T00:00:00
db:BIDid:47306date:2011-04-11T00:00:00
db:JVNDBid:JVNDB-2012-003813date:2012-08-23T00:00:00
db:PACKETSTORMid:100290date:2011-04-11T23:29:44
db:PACKETSTORMid:100393date:2011-04-14T07:34:46
db:CNNVDid:CNNVD-201208-397date:2012-08-23T00:00:00
db:NVDid:CVE-2011-5100date:2012-08-22T10:42:04.303