Lucene search

[email protected]NVD:CVE-2015-8024

HistoryDec 02, 2015 - 4:59 p.m.

CVE-2015-8024

2015-12-0216:59:00

CWE-78

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username “NGCP|NGCP|NGCP;” and any password.

Affected configurations

NVD

Node

mcafeemcafee_enterprise_security_managerMatch9.3.0

mcafeemcafee_enterprise_security_managerMatch9.3.1

mcafeemcafee_enterprise_security_managerMatch9.3.2

mcafeemcafee_enterprise_security_managerMatch9.4.0

mcafeemcafee_enterprise_security_managerMatch9.4.1

mcafeemcafee_enterprise_security_managerMatch9.4.2

mcafeemcafee_enterprise_security_managerMatch9.5.0

References

www.quantumleap.it/mcafee-siem-esm-esmrec-and-esmlm-authentication-bypass-vulnerability/

www.securitytracker.com/id/1034288

kc.mcafee.com/corporate/index?page=content&id=SB10137

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for NVD:CVE-2015-8024

nessus1 cvelist1 openvas1 cve1 prion1