CVE-2017-3968 McAfee Network Data Loss Prevention Multiple Vulnerabilities (SB10198)

McAfee Network DLP allows enterprises to enforce policies for information leaving the network through email, webmail, instant messaging (IM), wikis, blogs etc.

McAfee Network Data Loss Prevention is prone to several vulnerabilities which can be exploited by remote attackers.

Affected Versions:
McAfee NDLP 9.3.4 and earlier

QID Detection Logic (unauthenticated):
The checks for vulnerable version of McAfee NDLP by looking at the file /data/stingray/etc/version. The file also checked to see if the corresponding hotfix (hotfix_1175833_47837_01) is applied or not.

Successful exploitation of the vulnerabilitiies allows:
a) Privilege Escalation.
b) Banner Disclosure in the server.
c) Remote attackers to get session/cookie information.
d) Remote authenticated users to view, add, and remove users via modification of the HTTP request.
e) Remote authenticated users to inject arbitrary web script or HTML via HTTP response header.
f) Remote authenticated users to inject arbitrary web script or HTML via HTTP response header.

The vendor has released a hotfix (hotfix_1175833_47837_01) to address this issue. For more information please refer to the vendor advisory SB10198.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SB10198