Vulnerability Details CVE-2017-3897
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.083
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-3897
-
cpe:2.3:a:mcafee:livesafe:14.0
-
cpe:2.3:a:mcafee:livesafe:16.0.2
-
cpe:2.3:a:mcafee:security_scan_plus:-
-
cpe:2.3:a:mcafee:security_scan_plus:2.0.181.2
-
cpe:2.3:a:mcafee:security_scan_plus:3.11.376
-
cpe:2.3:a:mcafee:security_scan_plus:3.11.469
-
cpe:2.3:a:mcafee:security_scan_plus:3.11.599.2