McAfee ESM/ESMLM/ESMREC Authentication Bypass Vulnerability (CVE-2015-8024)

McAfee ESM/ESMLM/ESMREC Authentication Bypass Vulnerability (CVE-2015-8024)
McAfee ESM/ESMLM/ESMREC Authentication Bypass Vulnerability (CVE-2015-8024)

Release date:
Updated on:

Affected Systems:

McAfee Enterprise Security Manager 9.5.x-9.5.0MR8
McAfee Enterprise Security Manager 9.4.x-9.4.2MR9
McAfee Enterprise Security Manager 9.3.x-9.3.2MR19

Description:

CVE (CAN) ID: CVE-2015-8024

McAfee ESM provides intelligent security, information, and log management functions.

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), Enterprise Security Manager/Explorer (ESMREC) 9.3.x-9.3.2MR19, 9.4.x-9.4.2MR9, 9.5.x-9.5.0MR8, when a dynamic directory or LDAP authentication source is configured, remote attackers can log on with the "NGCP | NGCP;" user name and any password to bypass authentication.

<* Source: cldio Cinquino

Link: https://kc.mcafee.com/corporate/index? Page = content & id = sb10133
*>

Suggestion:

Vendor patch:

McAfee
------
McAfee has released a Security Bulletin (sb10133) and corresponding patches for this purpose:
Sb10medium: Security Bulletin: siem esm, ESMREC, and ESMLM updates fix authentication bypass vulnerability
Link: https://kc.mcafee.com/corporate/index? Page = content & id = sb10133

Patch download:
Https://kc.mcafee.com/corporate/index? Page = content & id = KB56057
Http://www.mcafee.com/us/downloads/downloads.aspx

This article permanently updates the link address: