CCE-94696-2Platform: cpe:/a:mcafee:virusscan_enterprise_for_linux | Date: (C)2021-06-15 (M)2023-07-04 |
The McAfee VirusScan Enterprise for Linux WEB GUI is the method for configuring the McAfee VSEL on a non-managed Linux system. The WEB GUI on the system could be used maliciously to gain unauthorized access to the system. By restricting access to interface by implementing firewall rules, the risk of unauthorized access will be mitigated.
Parameter:
[yes/no, yes/no, 7, yes/no, yes/no, error/information, 3000-3999, test@localdomain.com]
Technical Mechanism:
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.
In the VSEL WEB Monitor, under "Configure", "Notifications", select the check box for "Item Detected".
Select check boxes for "Viruses", "Trojans", "Programs", "Jokes" and "Include alerts for on-demand tasks".
Select the check box for "Out of date" and configure "Alert for DAT files which are # days old" to "7" or less.
Select the check box for "Configuration changes".
Select the check box for "System events". Select check box for "Type" and select "Error" from drop-down list.
Select check box for "Code" and configured with "3000-3999" in Code field.
Configure the SMTP Settings with valid email address(es) for System Administrators.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.0 | Attack Vector: LOCAL |
Exploit Score: 1.0 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73520 |