McAfee Firewall Reporter isValidClient Authentication BypassAdded: 06/03/2011
BackgroundMcAfee Firewall Reporter is an enterprise-class security event management (SEM) reporting solution.
ProblemMcAfee Firewall Reporter versions 188.8.131.52 through 184.108.40.206 are vulnerable to an authentication bypass that may allow remote attackers to upload files to the server. This may allow attackers to upload and execute arbitrary code.
ResolutionUpgrade to McAfee Firewall Reporter version 220.127.116.11 or later.
LimitationsThis exploit has been tested against McAfee Firewall Reporter 18.104.22.168 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
The exploit creates two files on the server which persist after the shell connection is terminated: c:\exploit.exe and /cgi-bin/exploit.cgi. These files should be removed manually after successful exploitation.
Back to exploit index