Sign-up

ID

VAR-201409-0556


CVE

CVE-2014-6064


TITLE

McAfee Web Gateway Vulnerability in Obtaining Hashed User Password in Account Tab of Admin User Interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-004023

DESCRIPTION

The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. McAfee Web Gateway is prone to a remote information-disclosure vulnerability. Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks. The product provides features such as threat protection, application control, and data loss prevention. A remote attacker could exploit this vulnerability to obtain a user's password hash

Trust: 2.07

sources: NVD: CVE-2014-6064 // JVNDB: JVNDB-2014-004023 // BID: 69556 // VULHUB: VHN-74007 // VULMON: CVE-2014-6064

AFFECTED PRODUCTS

vendor:mcafeemodel:web gatewayscope:gteversion:7.4.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.3.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.4.2

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.3.2.9

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.1

Trust: 0.9

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.0

Trust: 0.9

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.6

Trust: 0.9

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.4

Trust: 0.9

vendor:mcafeemodel:web gateway softwarescope:ltversion:7.4.x

Trust: 0.8

vendor:mcafeemodel:web gateway softwarescope:eqversion:7.4.2

Trust: 0.8

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.1.3

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.8

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.2.0.9

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.0.0

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.13

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.28

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.4.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.3.2.9

Trust: 0.3

sources: BID: 69556 // JVNDB: JVNDB-2014-004023 // CNNVD: CNNVD-201409-006 // NVD: CVE-2014-6064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6064
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-6064
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201409-006
value: MEDIUM

Trust: 0.6

VULHUB: VHN-74007
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-6064
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-6064
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-74007
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-74007 // VULMON: CVE-2014-6064 // JVNDB: JVNDB-2014-004023 // CNNVD: CNNVD-201409-006 // NVD: CVE-2014-6064

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-74007 // JVNDB: JVNDB-2014-004023 // NVD: CVE-2014-6064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-006

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201409-006

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004023

PATCH
title:SB10080url:https://kc.mcafee.com/corporate/index?page=content&id=SB10080
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004023

EXTERNAL IDS
db:NVDid:CVE-2014-6064
Trust: 2.9
db:MCAFEEid:SB10080
Trust: 2.1
db:SECTRACKid:1030675
Trust: 1.8
db:JVNDBid:JVNDB-2014-004023
Trust: 0.8
db:CNNVDid:CNNVD-201409-006
Trust: 0.7
db:BIDid:69556
Trust: 0.5
db:VULHUBid:VHN-74007
Trust: 0.1
db:VULMONid:CVE-2014-6064
Trust: 0.1
sources:
            
            
            VULHUB: VHN-74007 // 
            
            
            
            VULMON: CVE-2014-6064 // 
            
            
            
            BID: 69556 // 
            
            
            
            JVNDB: JVNDB-2014-004023 // 
            
            
            
            CNNVD: CNNVD-201409-006 // 
            
            
            
            NVD: CVE-2014-6064

REFERENCES
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10080
Trust: 2.0
url:http://www.securitytracker.com/id/1030675
Trust: 1.8
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95690
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6064
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6064
Trust: 0.8
url:http://www.mcafee.com/
Trust: 0.3
url:https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/23000/pd23455/en_us/mwg_7152_release_notes.pdf
Trust: 0.3
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10080
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://www.securityfocus.com/bid/69556
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-74007 // 
            
            
            
            VULMON: CVE-2014-6064 // 
            
            
            
            BID: 69556 // 
            
            
            
            JVNDB: JVNDB-2014-004023 // 
            
            
            
            CNNVD: CNNVD-201409-006 // 
            
            
            
            NVD: CVE-2014-6064

CREDITS
David Cash from NCC Group.
Trust: 0.3
sources:
            
            
            BID: 69556

SOURCES
db:VULHUBid:VHN-74007
db:VULMONid:CVE-2014-6064
db:BIDid:69556
db:JVNDBid:JVNDB-2014-004023
db:CNNVDid:CNNVD-201409-006
db:NVDid:CVE-2014-6064

LAST UPDATE DATE
2024-11-23T21:55:16.260000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-74007date:2018-12-18T00:00:00
db:VULMONid:CVE-2014-6064date:2018-12-18T00:00:00
db:BIDid:69556date:2014-07-17T00:00:00
db:JVNDBid:JVNDB-2014-004023date:2014-09-04T00:00:00
db:CNNVDid:CNNVD-201409-006date:2014-09-04T00:00:00
db:NVDid:CVE-2014-6064date:2024-11-21T02:13:43.547

SOURCES RELEASE DATE
db:VULHUBid:VHN-74007date:2014-09-02T00:00:00
db:VULMONid:CVE-2014-6064date:2014-09-02T00:00:00
db:BIDid:69556date:2014-07-17T00:00:00
db:JVNDBid:JVNDB-2014-004023date:2014-09-04T00:00:00
db:CNNVDid:CNNVD-201409-006date:2014-09-04T00:00:00
db:NVDid:CVE-2014-6064date:2014-09-02T14:55:03.997