McAfee ESM/ESMLM/ESMREC Authentication Bypass Vulnerability (CVE-2015-8024)
McAfee ESM/ESMLM/ESMREC Authentication Bypass Vulnerability (CVE-2015-8024)
Release date:
Updated on:
Affected Systems:
McAfee Enterprise Security Manager 9.5.x-9.5.0MR8
McAfee Enterprise Security Manager 9.4.x-9.4.2MR9
McAfee Enterprise Security Manager 9.3.x-9.3.2MR19
Description:
CVE (CAN) ID: CVE-2015-8024
McAfee ESM provides intelligent security, information, and log management functions.
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), Enterprise Security Manager/Explorer (ESMREC) 9.3.x-9.3.2MR19, 9.4.x-9.4.2MR9, 9.5.x-9.5.0MR8, when a dynamic directory or LDAP authentication source is configured, remote attackers can log on with the "NGCP | NGCP;" user name and any password to bypass authentication.
<* Source: cldio Cinquino
Link: https://kc.mcafee.com/corporate/index? Page = content & id = sb10133
*>
Suggestion:
Vendor patch:
McAfee
------
McAfee has released a Security Bulletin (sb10133) and corresponding patches for this purpose:
Sb10medium: Security Bulletin: siem esm, ESMREC, and ESMLM updates fix authentication bypass vulnerability
Link: https://kc.mcafee.com/corporate/index? Page = content & id = sb10133
Patch download:
Https://kc.mcafee.com/corporate/index? Page = content & id = KB56057
Http://www.mcafee.com/us/downloads/downloads.aspx
This article permanently updates the link address: