Vulnerability Details CVE-2015-8024
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.0%
CVSS Severity
CVSS v2 Score 9.3
References
- http://www.quantumleap.it/mcafee-siem-esm-esmrec-and-esmlm-authentication-bypass-vulnerability/
- http://www.securitytracker.com/id/1034288
- https://kc.mcafee.com/corporate/index?page=content&id=SB10137
- http://www.quantumleap.it/mcafee-siem-esm-esmrec-and-esmlm-authentication-bypass-vulnerability/
- http://www.securitytracker.com/id/1034288
- https://kc.mcafee.com/corporate/index?page=content&id=SB10137
Products affected by CVE-2015-8024
-
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.0
-
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.1
-
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.2
-
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.0
-
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.1
-
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.2
-
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.5.0