CVE-2015-8024
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM) y Enterprise Security Manager/Receiver (ESMREC) 9.3.x en versiones anteriores a 9.3.2MR19, 9.4.x en versiones anteriores a 9.4.2MR9 y 9.5.x en versiones anteriores a 9.5.0MR8, cuando se configura para utilizar fuentes de autenticación Active Directory o LDAP, permite a atacantes remotos eludir la autenticación por medio del inicio de sesión con el nombre de usuario 'NGCP|NGCP|NGCP;' y cualquier contraseña.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-10-29 CVE Reserved
- 2015-12-02 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.quantumleap.it/mcafee-siem-esm-esmrec-and-esmlm-authentication-bypass-vulnerability | X_refsource_misc | |
| http://www.securitytracker.com/id/1034288 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10137 | 2016-12-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Mcafee Enterprise Security Manager Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" | 9.3.0 Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" and version "9.3.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Mcafee Enterprise Security Manager Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" | 9.3.1 Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" and version "9.3.1" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Mcafee Enterprise Security Manager Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" | 9.3.2 Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" and version "9.3.2" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Mcafee Enterprise Security Manager Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" | 9.4.0 Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" and version "9.4.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Mcafee Enterprise Security Manager Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" | 9.4.1 Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" and version "9.4.1" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Mcafee Enterprise Security Manager Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" | 9.4.2 Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" and version "9.4.2" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Mcafee Enterprise Security Manager Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" | 9.5.0 Search vendor "Mcafee" for product "Mcafee Enterprise Security Manager" and version "9.5.0" | - |
Affected
| ||||||