Vulnerability CVE-2015-6860


Published: 2016-01-05

Description:
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

Vendor: HP
Product: Network switch software 
Version: 15.18.0;
Product: J8700a 
Product: J9638a 
Product: J8692a 
Product: J9584a 
Product: J9540a 
Product: J9473a 
Product: J9451a 
Product: J9850a 
Product: J9265a 
Product: J9822a 
Product: J8715b 
Product: J9640a 
Product: J8697a 
Product: J9586a 
Product: J9574a 
Product: J9532a 
Product: J9470a 
Product: J9866a 
Product: J9311a 
Product: J9824a 
Product: J9091a 
Product: J9642a 
Product: J8699a 
Product: J9588a 
Product: J9576a 
Product: J9539a 
Product: J9472a 
Product: J9448a 
Product: J9826a 
Product: J9264a 
Product: J9821a 
Product: J8715a 
Product: J9639a 
Product: J8693a 
Product: J9585a 
Product: J9573a 
Product: J9475a 
Product: J9452a 
Product: J9851a 
Product: J9310a 
Product: J9823a 
Product: J8992a 
Product: J9641a 
Product: J8698a 
Product: J9587a 
Product: J9575a 
Product: J9533a 
Product: J9471a 
Product: J9868a 
Product: J9447a 
Product: J9825a 
Product: J9263a 
Product: J9643a 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id/1034410
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

Related CVE
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...
CVE-2018-18593
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10...
CVE-2018-7116
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7115
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installe...
CVE-2018-7111
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is th...
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.

Copyright 2019, cxsecurity.com

 

Back to Top