Vulnerability CVE-2015-6860


Published: 2016-01-05

Description:
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

Vendor: HP
Product: Network switch software 
Version: 15.18.0;
Product: J8700a 
Product: J9638a 
Product: J8692a 
Product: J9584a 
Product: J9540a 
Product: J9473a 
Product: J9451a 
Product: J9850a 
Product: J9265a 
Product: J9822a 
Product: J8715b 
Product: J9640a 
Product: J8697a 
Product: J9586a 
Product: J9574a 
Product: J9532a 
Product: J9470a 
Product: J9866a 
Product: J9311a 
Product: J9824a 
Product: J9091a 
Product: J9642a 
Product: J8699a 
Product: J9588a 
Product: J9576a 
Product: J9539a 
Product: J9472a 
Product: J9448a 
Product: J9826a 
Product: J9264a 
Product: J9821a 
Product: J8715a 
Product: J9639a 
Product: J8693a 
Product: J9585a 
Product: J9573a 
Product: J9475a 
Product: J9452a 
Product: J9851a 
Product: J9310a 
Product: J9823a 
Product: J8992a 
Product: J9641a 
Product: J8698a 
Product: J9587a 
Product: J9575a 
Product: J9533a 
Product: J9471a 
Product: J9868a 
Product: J9447a 
Product: J9825a 
Product: J9263a 
Product: J9643a 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id/1034410
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

Related CVE
CVE-2018-7120
A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege.
CVE-2018-7119
A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all vers...
CVE-2018-5927
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.
CVE-2018-5926
A potential vulnerability has been identified in HP Remote Graphics Software?s certificate authentication process version 7.5.0 and earlier.
CVE-2018-5923
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.
CVE-2017-2752
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as...
CVE-2017-2748
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
CVE-2019-3484
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.

Copyright 2019, cxsecurity.com

 

Back to Top