McAfee Security Information and Event Management 9.3.x < 9.3.2.19 / 9.4.x < 9.4.2.9 / 9.5.x < 9.5.0.8 Authentication Bypass (SB10137)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by an authentication bypass
vulnerability.

Description :

According to its self-reported version, the McAfee Security
Information and Event Management (SIEM) application installed on the
remote host is 9.3.x prior to 9.3.2.19, 9.4.x prior to 9.4.2.9, or
9.5.x prior to 9.5.0.8. It is therefore, affected by an authentication
bypass vulnerability in the Enterprise Security Manager (ESM),
Enterprise Security Manager/Log Manager (ESMLM), and Enterprise
Security Manager/Receiver (ESMREC) components due to improper
sanitization of usernames. This vulnerability occurs when these
components are configured to use Active Directory or LDAP as
authentication sources. A remote attacker can exploit this issue, via
a specially crafted username, to log on to the system using any
password.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=KB83418
https://kc.mcafee.com/corporate/index?page=content&id=SB10137

Solution :

Upgrade to the relevant fixed version according to the McAfee
advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 90424 ()

Bugtraq ID: 85542

CVE ID: CVE-2015-8024

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now