Lucene search

CertccCVE-2015-2915

HistorySep 21, 2015 - 10:59 a.m.

CVE-2015-2915

2015-09-2110:59:03

CWE-255

certcc

web.nvd.nist.gov

cve-2015-2915

securifi almond

firmware

default password

admin account

remote authentication

CVSS2

7.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:P/I:P/A:C

AI Score

7.2

Confidence

Low

EPSS

0.003

Percentile

68.7%

JSON

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.

Affected configurations

Nvd

Node

securifialmond_firmwareRange≤al1-r201exp10-l304-w33

AND

securifialmond

Node

securifialmond-2015_firmwareRange≤al2-r088

AND

securifialmond-2015

VendorProductVersionCPE
securifialmond_firmware*cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*
securifialmond*cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*
securifialmond-2015_firmware*cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*
securifialmond-2015*cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
securifi	almond_firmware	*	cpe:2.3:o:securifi:almond_firmware::::::::
securifi	almond	*	cpe:2.3:h:securifi:almond::::::::
securifi	almond-2015_firmware	*	cpe:2.3:o:securifi:almond-2015_firmware::::::::
securifi	almond-2015	*	cpe:2.3:h:securifi:almond-2015::::::::

References

www.kb.cert.org/vuls/id/906576

CVSS2

7.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:P/I:P/A:C

AI Score

7.2

Confidence

Low

EPSS

0.003

Percentile

68.7%

JSON

Related for CVE-2015-2915