McAfee Security Information and Event Management 9.5.x / 9.6.x < 184.108.40.206 ESM Authentication Bypass (KB87744)
Low Nessus Plugin ID 93720
Synopsis
The remote device is affected by an authentication bypass vulnerability.

Description
According to its self-reported version, the McAfee Security Information and Event Management (SIEM) application installed on the remote host is 9.5.x or 9.6.x prior to 220.127.116.11. It is, therefore, affected by an authentication bypass vulnerability in the Enterprise Security Manager (ESM) component due to a failure to require the administrator password to be supplied a second time for certain sensitive administrative commands. Likewise, GUI 'Terminal' commands are allowed by an active logged-in administrative session without supplying a password a second time. A local attacker who has compromised the administrator session can exploit this issue to make changes to other SIEM user information, such as user passwords.

Solution
Upgrade to McAfee SIEM version 9.6.0 MR3 (18.104.22.168) or later.