McAfee Security Information and Event Management 9.5.x / 9.6.x < 9.6.0.3 ESM Authentication Bypass (KB87744)

medium Nessus Plugin ID 93720

Synopsis

The remote device is affected by an authentication bypass vulnerability.

Description

According to its self-reported version, the McAfee Security Information and Event Management (SIEM) application installed on the remote host is 9.5.x or 9.6.x prior to 9.6.0.3. It is, therefore, affected by an authentication bypass vulnerability in the Enterprise Security Manager (ESM) component due to a failure to require an administrator password to be supplied a second time for certain sensitive administrative commands. Likewise, GUI 'Terminal' commands are allowed by an active logged-in administrative session without supplying a password a second time. A local attacker who has compromised the administrator session can exploit this issue to make changes to other SIEM user information, such as user passwords.

Solution

Upgrade to McAfee SIEM version 9.6.0 MR3 (9.6.0.3) or later.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=KB87744

Plugin Details

Severity: Medium

ID: 93720

File Name: mcafee_esm_siem_kb87744.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 9/26/2016

Updated: 11/14/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 1.7

Temporal Score: 1.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2016-8006

CVSS v3

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.9

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:mcafee_enterprise_security_manager

Required KB Items: Host/McAfee ESM/Display Version, Host/McAfee ESM/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/9/2016

Vulnerability Publication Date: 9/9/2016

Reference Information

CVE: CVE-2016-8006