Vulnerability Description
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| McAfee | McAfee Enterprise Security Manager | 9.3.0 |
Related Weaknesses (CWE)
References
- http://www.quantumleap.it/mcafee-siem-esm-esmrec-and-esmlm-authentication-bypass
- http://www.securitytracker.com/id/1034288
- https://kc.mcafee.com/corporate/index?page=content&id=SB10137 (Vendor Advisory)
FAQ
What is CVE-2015-8024?
CVE-2015-8024 is a vulnerability with a CVSS score of 9.3 (HIGH). McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x be...
How severe is CVE-2015-8024?
CVE-2015-8024 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-8024?
Check the references section above for vendor advisories and patch information. Affected products include: McAfee Enterprise Security Manager.