CVE-2015-8024

{"id": "CVE-2015-8024", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-12-02T16:59:00.107", "references": [{"url": "http://www.quantumleap.it/mcafee-siem-esm-esmrec-and-esmlm-authentication-bypass-vulnerability/", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1034288", "source": "cve@mitre.org"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10137", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username \"NGCP|NGCP|NGCP;\" and any password."}, {"lang": "es", "value": "McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM) y Enterprise Security Manager/Receiver (ESMREC) 9.3.x en versiones anteriores a 9.3.2MR19, 9.4.x en versiones anteriores a 9.4.2MR9 y 9.5.x en versiones anteriores a 9.5.0MR8, cuando se configura para utilizar fuentes de autenticaci\u00f3n Active Directory o LDAP, permite a atacantes remotos eludir la autenticaci\u00f3n por medio del inicio de sesi\u00f3n con el nombre de usuario 'NGCP|NGCP|NGCP;' y cualquier contrase\u00f1a."}], "lastModified": "2016-12-07T18:25:58.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3F23590-6EE0-4C68-8664-AEA340C339DF"}, {"criteria": "cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5C288B-8850-49A3-9362-D1F0DE58D30C"}, {"criteria": "cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AE33937-A286-4266-B497-2C42DE98AB46"}, {"criteria": "cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95B252A8-E09F-4DC3-A3DC-8D9C4D94DC7A"}, {"criteria": "cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEF89E8B-45F6-4197-A52E-BC31D0F81ECC"}, {"criteria": "cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39B89D53-8A59-4623-B0C5-6F08CD357656"}, {"criteria": "cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "097627F1-1F77-4CC7-AB31-CA9E5D31E0BD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}