Vulnerability CVE-2015-5434


Published: 2016-01-05

Description:
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

Vendor: HP
Product: Jh198a hp 10500 type d main processing unit with comware 
Version: 7.0;
Product: Jg497a hp 12500 mpu w/comware 
Version: 7.0;
Product: Jg496a hp 10500 type a mpu with comware 
Version: 7.0;
Product: Jg810aae hp vsr1001 virtual services router 60 day evaluation 
Product: Jg362a hp hsr6804 router chassis 
Product: Jg821a hp 10508 taa switch chassis 
Product: Jg786a hp flexfabric 12500 4-port 100gbe cfp fd 
Product: Jg296a hp 5920af-24xg switch 
Product: Jg803a hp flexfabric 12500e taa-compliant main processing unit 
Product: Jf430b hp 12518 switch chassis 
Product: Jg782a hp ff 12508e ac switch chassis 
Product: Jc654a hp 12504 ac switch chassis 
Product: Jg734a hp msr2004-24 ac router 
Product: Jc611a hp 10508-v switch chassis 
Product: Jg409a hp msr3012 ac router 
Product: Jh075a hp hsr6800 rse-x3 router main processing unit
Product: Jc124b hp 9505 switch chassis 
Product: Jg404a hp msr3064 router 
Product: Jg861a hp msr3024 taa-compliant ac router 
Product: Jh196a hp 10500 2-port 100gbe cfp ec 
Product: Jg363a hp hsr6808 router chassis 
Product: Jg823a hp 10512 taa switch chassis 
Product: Jg788a hp flexfabric 12500 4-port 100gbe cfp fg 
Product: Jg354a hp hsr6602-xg router 
Product: Jg812aae hp vsr1004 comware 7 virtual services router 
Product: Jf431a hp a12508 switch chassis 
Product: Jg784a hp ff 12518e ac switch chassis 
Product: Jc748a hp 10512 switch chassis 
Product: Jg776a hp hsr6602-g taa-compliant router 
Product: Jc613a hp 10504 switch chassis 
Product: Jg411a hp msr2003 ac router 
Product: Jh188a hp flexfabric 5930 4-slot taa-compliant switch 
Product: Jc125b hp 9512 switch chassis 
Product: Jg406a hp msr3024 ac router 
Product: Jg869a hp msr4000 taa-compliant mpu-100 main processing unit 
Product: Jc085a hp a12518 switch chassis 
Product: Jg364a hp hsr6800 rse-x2 router main processing unit 
Product: Jg835a hp flexfabric 12508e dc switch taa-compliant chassis 
Product: Jg798a hp flexfabric 12508e fabric 
Product: Jg361b hp hsr6802 router chassis 
Product: Jg820a hp 10504 taa switch chassis 
Product: Jf431c hp 12508 ac switch chassis 
Product: Jg802a hp ff 12500e mpu 
Product: Jf430a hp a12518 switch chassis 
Product: Jg779a hp hsr6800 rse-x2 router taa-compliant main processing unit 
Product: Jc653a hp 12518 dc switch chassis 
Product: Jg555a hp 5920af-24xg taa switch 
Product: Jc474b hp 9508-v switch chassis 
Product: Jg408a hp msr3024 poe router 
Product: Jh060a hp msr1003-8s ac router 
Product: Jc124a hp a9508 switch chassis 
Product: Jg403a hp msr4060 router chassis 
Product: Jg837a hp flexfabric 12518e dc switch taa-compliant chassis 
Product: Jh192a hp 10500 48-port gig-t (rj45) se 
Product: Jg362b hp hsr6804 router chassis 
Product: Jg822a hp 10508-v taa switch chassis 
Product: Jg787a hp flexfabric 12500 4-port 100gbe cfp fd taa 
Product: Jg353a hp hsr6602-g router 
Product: Jg811aae hp vsr1001 comware 7 virtual services router 
Product: Jf430c hp 12518 ac switch chassis 
Product: Jg783a hp ff 12508e dc switch chassis 
Product: Jc655a hp 12504 dc switch chassis 
Product: Jg735a hp msr2004-48 router
Product: Jc612a hp 10508 switch chassis 
Product: Jg410a hp msr3012 dc router 
Product: Jh179a hp flexfabric 5930 4-slot switch 
Product: Jc125a hp a9512 switch chassis 
Product: Jg405a hp msr3044 router 
Product: Jg866a hp msr2003 taa-compliant ac router 
Product: Jc072b hp 12500 main processing unit 
Product: Jg363b hp hsr6808 router chassis 
Product: Jg834a hp flexfabric 12508e ac switch taa-compliant chassis 
Product: Jg789a hp flexfabric 12500 4-port 100gbe cfp fg taa 
Product: Jg361a hp hsr6802 router chassis 
Product: Jg813aae hp vsr1008 comware 7 virtual services router 
Product: Jf431b hp 12508 switch chassis 
Product: Jg785a hp ff 12518e dc switch chassis 
Product: Jc808a hp 12500 taa main processing unit 
Product: Jg777a hp hsr6602-xg taa-compliant router 
Product: Jc652a hp 12508 dc switch chassis 
Product: Jg412a hp msr4000 mpu-100 main processing unit 
Product: Jc474a hp a9508-v switch chassis 
Product: Jg407a hp msr3024 dc router 
Product: Jg875a hp msr1002-4 ac router 
Product: Jc086a hp a12508 switch chassis 
Product: Jg402a hp msr4080 router chassis 
Product: Jg836a hp flexfabric 12518e ac switch taa-compliant chassis 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

References:
http://www.securityfocus.com/bid/79869
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

Related CVE
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...
CVE-2018-18593
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10...
CVE-2018-7116
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7115
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installe...
CVE-2018-7111
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is th...
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.

Copyright 2019, cxsecurity.com
