Lucene search

[email protected]CVE-2015-5434

HistoryJan 05, 2016 - 11:59 a.m.

CVE-2015-5434

2016-01-0511:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-5434

hpe networking products

comware 5

comware 7

h3c

remote attackers

access restrictions

denial of service

vrf hopping

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via “Virtual routing and forwarding (VRF) hopping.”

Affected configurations

NVD

Node

hpjg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fdMatch-

hpjg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taaMatch-

hpjg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fgMatch-

hpjg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taaMatch-

hpjg798a_hp_flexfabric_12508e_fabricMatch-

hpjg810aae_hp_vsr1001_virtual_services_router_60_day_evaluationMatch-

hpjh192a_hp_10500_48-port_gig-t_\(rj45\)_seMatch-

hpjh196a_hp_10500_2-port_100gbe_cfp_ecMatch-

hpjc072b_hp_12500_main_processing_unitMatch-

hpjc085a_hp_a12518_switch_chassisMatch-

hpjc086a_hp_a12508_switch_chassisMatch-

hpjc124a_hp_a9508_switch_chassisMatch-

hpjc124b_hp_9505_switch_chassisMatch-

hpjc125a_hp_a9512_switch_chassisMatch-

hpjc125b_hp_9512_switch_chassisMatch-

hpjc474a_hp_a9508-v_switch_chassisMatch-

hpjc474b_hp_9508-v_switch_chassisMatch-

hpjc611a_hp_10508-v_switch_chassisMatch-

hpjc612a_hp_10508_switch_chassisMatch-

hpjc613a_hp_10504_switch_chassisMatch-

hpjc652a_hp_12508_dc_switch_chassisMatch-

hpjc653a_hp_12518_dc_switch_chassisMatch-

hpjc654a_hp_12504_ac_switch_chassisMatch-

hpjc655a_hp_12504_dc_switch_chassisMatch-

hpjc748a_hp_10512_switch_chassisMatch-

hpjc808a_hp_12500_taa_main_processing_unitMatch-

hpjf430a_hp_a12518_switch_chassisMatch-

hpjf430b_hp_12518_switch_chassisMatch-

hpjf430c_hp_12518_ac_switch_chassisMatch-

hpjf431a_hp_a12508_switch_chassisMatch-

hpjf431b_hp_12508_switch_chassisMatch-

hpjf431c_hp_12508_ac_switch_chassisMatch-

hpjg296a_hp_5920af-24xg_switchMatch-

hpjg353a_hp_hsr6602-g_routerMatch-

hpjg354a_hp_hsr6602-xg_routerMatch-

hpjg361a_hp_hsr6802_router_chassisMatch-

hpjg361b_hp_hsr6802_router_chassisMatch-

hpjg362a_hp_hsr6804_router_chassisMatch-

hpjg362b_hp_hsr6804_router_chassisMatch-

hpjg363a_hp_hsr6808_router_chassisMatch-

hpjg363b_hp_hsr6808_router_chassisMatch-

hpjg364a_hp_hsr6800_rse-x2_router_main_processing_unitMatch-

hpjg402a_hp_msr4080_router_chassisMatch-

hpjg403a_hp_msr4060_router_chassisMatch-

hpjg404a_hp_msr3064_routerMatch-

hpjg405a_hp_msr3044_routerMatch-

hpjg406a_hp_msr3024_ac_routerMatch-

hpjg407a_hp_msr3024_dc_routerMatch-

hpjg408a_hp_msr3024_poe_routerMatch-

hpjg409a_hp_msr3012_ac_routerMatch-

hpjg410a_hp_msr3012_dc_routerMatch-

hpjg411a_hp_msr2003_ac_routerMatch-

hpjg412a_hp_msr4000_mpu-100_main_processing_unitMatch-

hpjg555a_hp_5920af-24xg_taa_switchMatch-

hpjg734a_hp_msr2004-24_ac_routerMatch-

hpjg735a\)_hp_msr2004-48_routerMatch-

hpjg776a_hp_hsr6602-g_taa-compliant_routerMatch-

hpjg777a_hp_hsr6602-xg_taa-compliant_routerMatch-

hpjg779a_hp_hsr6800_rse-x2_router_taa-compliant_main_processing_unitMatch-

hpjg782a_hp_ff_12508e_ac_switch_chassisMatch-

hpjg783a_hp_ff_12508e_dc_switch_chassisMatch-

hpjg784a_hp_ff_12518e_ac_switch_chassisMatch-

hpjg785a_hp_ff_12518e_dc_switch_chassisMatch-

hpjg802a_hp_ff_12500e_mpuMatch-

hpjg803a_hp_flexfabric_12500e_taa-compliant_main_processing_unitMatch-

hpjg811aae_hp_vsr1001_comware_7_virtual_services_routerMatch-

hpjg812aae_hp_vsr1004_comware_7_virtual_services_routerMatch-

hpjg813aae_hp_vsr1008_comware_7_virtual_services_routerMatch-

hpjg820a_hp_10504_taa_switch_chassisMatch-

hpjg821a_hp_10508_taa_switch_chassisMatch-

hpjg822a_hp_10508-v_taa_switch_chassisMatch-

hpjg823a_hp_10512_taa_switch_chassisMatch-

hpjg834a_hp_flexfabric_12508e_ac_switch_taa-compliant_chassisMatch-

hpjg835a_hp_flexfabric_12508e_dc_switch_taa-compliant_chassisMatch-

hpjg836a_hp_flexfabric_12518e_ac_switch_taa-compliant_chassisMatch-

hpjg837a_hp_flexfabric_12518e_dc_switch_taa-compliant_chassisMatch-

hpjg861a_hp_msr3024_taa-compliant_ac_routerMatch-

hpjg866a_hp_msr2003_taa-compliant_ac_routerMatch-

hpjg869a_hp_msr4000_taa-compliant_mpu-100_main_processing_unitMatch-

hpjg875a_hp_msr1002-4_ac_routerMatch-

hpjh060a_hp_msr1003-8s_ac_routerMatch-

hpjh075a\)_hp_hsr6800_rse-x3_router_main_processing_unitMatch-

hpjh179a_hp_flexfabric_5930_4-slot_switchMatch-

hpjh188a_hp_flexfabric_5930_4-slot_taa-compliant_switchMatch-

hpjg496a_hp_10500_type_a_mpu_with_comwareMatch7.0

hpjg497a_hp_12500_mpu_w\/comwareMatch7.0

hpjh198a_hp_10500_type_d_main_processing_unit_with_comwareMatch7.0

CPENameOperatorVersion
hp:jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fdhp jg786a hp flexfabric 12500 4-port 100gbe cfp fdeq-
hp:jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taahp jg787a hp flexfabric 12500 4-port 100gbe cfp fd taaeq-
hp:jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fghp jg788a hp flexfabric 12500 4-port 100gbe cfp fgeq-
hp:jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taahp jg789a hp flexfabric 12500 4-port 100gbe cfp fg taaeq-
hp:jg798a_hp_flexfabric_12508e_fabrichp jg798a hp flexfabric 12508e fabriceq-
hp:jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluationhp jg810aae hp vsr1001 virtual services router 60 day evaluationeq-
hp:jh192a_hp_10500_48-port_gig-t_\(rj45\)_sehp jh192a hp 10500 48-port gig-t (rj45) seeq-
hp:jh196a_hp_10500_2-port_100gbe_cfp_echp jh196a hp 10500 2-port 100gbe cfp eceq-
hp:jc072b_hp_12500_main_processing_unithp jc072b hp 12500 main processing uniteq-
hp:jc085a_hp_a12518_switch_chassishp jc085a hp a12518 switch chassiseq-

CPE	Name	Operator	Version
hp:jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd	hp jg786a hp flexfabric 12500 4-port 100gbe cfp fd	eq	-
hp:jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taa	hp jg787a hp flexfabric 12500 4-port 100gbe cfp fd taa	eq	-
hp:jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fg	hp jg788a hp flexfabric 12500 4-port 100gbe cfp fg	eq	-
hp:jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taa	hp jg789a hp flexfabric 12500 4-port 100gbe cfp fg taa	eq	-
hp:jg798a_hp_flexfabric_12508e_fabric	hp jg798a hp flexfabric 12508e fabric	eq	-
hp:jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluation	hp jg810aae hp vsr1001 virtual services router 60 day evaluation	eq	-
hp:jh192a_hp_10500_48-port_gig-t_\(rj45\)_se	hp jh192a hp 10500 48-port gig-t (rj45) se	eq	-
hp:jh196a_hp_10500_2-port_100gbe_cfp_ec	hp jh196a hp 10500 2-port 100gbe cfp ec	eq	-
hp:jc072b_hp_12500_main_processing_unit	hp jc072b hp 12500 main processing unit	eq	-
hp:jc085a_hp_a12518_switch_chassis	hp jc085a hp a12518 switch chassis	eq	-

Rows per page:

1-10 of 871

References

www.securityfocus.com/bid/79869

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2015-5434

nvd1 cvelist1 prion1