This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote device is affected by an authentication bypass
According to its self-reported version, the McAfee Security
Information and Event Management (SIEM) application installed on the
remote host is 9.5.x or 9.6.x prior to 126.96.36.199. It is, therefore,
affected by an authentication bypass vulnerability in the Enterprise
Security Manager (ESM) component due to a failure to require an
administrator password to be supplied a second time for certain
sensitive administrative commands. Likewise, GUI 'Terminal' commands
are allowed by an active logged-in administrative session without
supplying a password a second time. A local attacker who has
compromised the administrator session can exploit this issue to make
changes to other SIEM user information, such as user passwords.
See also :
Upgrade to McAfee SIEM version 9.6.0 MR3 (188.8.131.52) or later.
Risk factor :
Low / CVSS Base Score : 1.2
CVSS Temporal Score : 0.9
Public Exploit Available : false