McAfee Security Information and Event Management 9.3.x < 9.3.2.19 / 9.4.x < 9.4.2.9 / 9.5.x < 9.5.0.8 Authentication Bypass (SB10137)

high Nessus Plugin ID 90424

Synopsis

The remote device is affected by an authentication bypass vulnerability.

Description

According to its self-reported version, the McAfee Security Information and Event Management (SIEM) application installed on the remote host is 9.3.x prior to 9.3.2.19, 9.4.x prior to 9.4.2.9, or 9.5.x prior to 9.5.0.8. It is, therefore, affected by an authentication bypass vulnerability in the Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) components due to improper sanitization of usernames. This vulnerability occurs when these components are configured to use Active Directory or LDAP as authentication sources. A remote attacker can exploit this issue, via a specially crafted username, to log on to the system using any password.
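The check this plugin performs is a branch-aware version comparison against the three fixed versions named above. The following is an added example, not the Nessus plugin's own NASL code, that reproduces that logic in Python so an inventory of self-reported ESM/ESMLM/ESMREC versions can be triaged offline; the inventory rows are constructed sample data, and the handling of short or tagged version strings (padding "9.5" to "9.5.0.0", ignoring a trailing build tag) is an assumption of this example, not something the advisory specifies.

```python
"""Branch-aware version check for McAfee SIEM advisory SB10137.

Added example, not Nessus plugin code. Fixed versions come from the
advisory text: 9.3.2.19, 9.4.2.9 and 9.5.0.8. A host is affected when its
self-reported version is in the 9.3.x, 9.4.x or 9.5.x branch and is lower
than that branch's fixed version. Other branches are outside the
advisory's scope and are reported as not affected by this check.
"""
import re
from typing import Dict, List, Optional, Tuple

# (major, minor) branch -> first fixed version in that branch (from the advisory).
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (9, 3): (9, 3, 2, 19),
    (9, 4): (9, 4, 2, 9),
    (9, 5): (9, 5, 0, 8),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '9.4.2.3' into a tuple of ints.

    Assumption: a trailing non-numeric build tag (e.g. '9.5.0.8-rc1') is
    ignored, since only the dotted numeric part is compared.
    """
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(version: Tuple[int, ...], width: int = 4) -> Tuple[int, ...]:
    """Right-pad a short version with zeros so '9.5' compares as 9.5.0.0 (assumption)."""
    return version + (0,) * max(0, width - len(version))


def affected_by_sb10137(version_text: str) -> Optional[str]:
    """Return the fixed version to upgrade to if the version is vulnerable, else None."""
    version = parse_version(version_text)
    branch = version[:2]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return None  # 9.6 and later, or older branches: not covered by this advisory
    if _pad(version) < fixed:
        return ".".join(str(part) for part in fixed)
    return None


def triage_inventory(rows: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, fixed_version) for every affected row in an inventory."""
    findings = []
    for host, version_text in rows:
        fixed = affected_by_sb10137(version_text)
        if fixed is not None:
            findings.append((host, version_text, fixed))
    return findings


# Constructed sample inventory (host label, self-reported ESM version).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("esm-01", "9.3.2.18"),    # one build below the 9.3 fix
    ("esm-02", "9.3.2.19"),    # exactly the fixed version
    ("esmlm-01", "9.4.1.50"),  # earlier 9.4 build
    ("esmrec-01", "9.5"),      # short version string, padded to 9.5.0.0
    ("esm-03", "9.5.0.8-rc1"), # build tag ignored, numeric part is fixed
    ("esm-04", "9.6.0.1"),     # branch outside the advisory
]

if __name__ == "__main__":
    for host, version, fixed in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected by SB10137, upgrade to {fixed}")
```

Versions are compared as integer tuples rather than strings so that "9.4.2.9" correctly sorts above "9.4.2.10"; a plain string comparison would get that backwards and report a patched host as vulnerable.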

Solution

Upgrade to the relevant fixed version according to the McAfee advisory.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=KB83418

https://kc.mcafee.com/corporate/index?page=content&id=SB10137

Plugin Details

Severity: High

ID: 90424

File Name: mcafee_esm_siem_sb10137.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 4/8/2016

Updated: 7/14/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:mcafee_enterprise_security_manager

Required KB Items: Host/McAfee ESM/Display Version, Host/McAfee ESM/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/21/2015

Vulnerability Publication Date: 10/21/2015

Reference Information

CVE: CVE-2015-8024

BID: 85542

IAVA: 2016-A-0084

MCAFEE-SB: SB10137