McAfee Security Information and Event Management 9.5.x / 9.6.x < 9.6.0.3 ESM Authentication Bypass (KB87744)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by an authentication bypass
vulnerability.

Description :

According to its self-reported version, the McAfee Security
Information and Event Management (SIEM) application installed on the
remote host is 9.5.x or 9.6.x prior to 9.6.0.3. It is, therefore,
affected by an authentication bypass vulnerability in the Enterprise
Security Manager (ESM) component due to a failure to require an
administrator password to be supplied a second time for certain
sensitive administrative commands. Likewise, GUI 'Terminal' commands
are allowed by an active logged-in administrative session without
supplying a password a second time. A local attacker who has
compromised the administrator session can exploit this issue to make
changes to other SIEM user information, such as user passwords.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=KB87744

Solution :

Upgrade to McAfee SIEM version 9.6.0 MR3 (9.6.0.3) or later.

Risk factor :

Low / CVSS Base Score : 1.2
(CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 0.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 93720 ()

Bugtraq ID:

CVE ID: CVE-2016-8006

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now