Lucene search

CertccCVE-2015-2916

HistorySep 21, 2015 - 10:59 a.m.

CVE-2015-2916

2015-09-2110:59:04

CWE-352

certcc

web.nvd.nist.gov

cve-2015-2916

csrf

securifi almond

firmware

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

46.6%

JSON

Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.

Affected configurations

Nvd

Node

securifialmond-2015_firmwareRange≤al2-r088

AND

securifialmond-2015

Node

securifialmond_firmwareRange≤al1-r201exp10-l304-w33

AND

securifialmond

VendorProductVersionCPE
securifialmond-2015_firmware*cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*
securifialmond-2015*cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*
securifialmond_firmware*cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*
securifialmond*cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
securifi	almond-2015_firmware	*	cpe:2.3:o:securifi:almond-2015_firmware::::::::
securifi	almond-2015	*	cpe:2.3:h:securifi:almond-2015::::::::
securifi	almond_firmware	*	cpe:2.3:o:securifi:almond_firmware::::::::
securifi	almond	*	cpe:2.3:h:securifi:almond::::::::

References

www.kb.cert.org/vuls/id/906576

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

46.6%

JSON

Related for CVE-2015-2916