Vulnerability CVE-2015-6860


Published: 2016-01-05

Description:
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

Vendor: HP
Product: Network switch software 
Version: 15.18.0;
Product: J8700a 
Product: J9638a 
Product: J8692a 
Product: J9584a 
Product: J9540a 
Product: J9473a 
Product: J9451a 
Product: J9850a 
Product: J9265a 
Product: J9822a 
Product: J8715b 
Product: J9640a 
Product: J8697a 
Product: J9586a 
Product: J9574a 
Product: J9532a 
Product: J9470a 
Product: J9866a 
Product: J9311a 
Product: J9824a 
Product: J9091a 
Product: J9642a 
Product: J8699a 
Product: J9588a 
Product: J9576a 
Product: J9539a 
Product: J9472a 
Product: J9448a 
Product: J9826a 
Product: J9264a 
Product: J9821a 
Product: J8715a 
Product: J9639a 
Product: J8693a 
Product: J9585a 
Product: J9573a 
Product: J9475a 
Product: J9452a 
Product: J9851a 
Product: J9310a 
Product: J9823a 
Product: J8992a 
Product: J9641a 
Product: J8698a 
Product: J9587a 
Product: J9575a 
Product: J9533a 
Product: J9471a 
Product: J9868a 
Product: J9447a 
Product: J9825a 
Product: J9263a 
Product: J9643a 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id/1034410
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

Related CVE
CVE-2019-6333
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touc...
CVE-2019-11656
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2019-11655
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. Th...
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

Copyright 2019, cxsecurity.com

 

Back to Top