CVE-2015-8024

critical Trellix
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
1.5%
Exploitation probability in 30 days
Top 19% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 2, 2015 (3817 days ago)
Last Modified: May 6, 2026
Vendor: Trellix
Source: NVD

Description

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.

CWE

CWE-78

Affected Products

mcafee mcafee enterprise security manager

References

🔗 www.quantumleap.it 🔗 www.securitytracker.com 🔗 kc.mcafee.com 🔗 www.quantumleap.it 🔗 www.securitytracker.com