Lucene search

[email protected]CVE-2015-7820

HistoryNov 12, 2015 - 3:59 a.m.

CVE-2015-7820

2015-11-1203:59:08

CWE-362

[email protected]

web.nvd.nist.gov

cve-2015-7820

ibm

lenovo

snsc

switch center

race condition

administration panel

web service

privileged account access

directory traversal

arbitrary files

port 40080

port 40443

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.225 Low

EPSS

Percentile

96.5%

JSON

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.

Affected configurations

NVD

Node

lenovoswitch_centerRange≤8.1.1.0

Node

ibmsystem_networking_switch_centerRange≤7.3.1.4

CPENameOperatorVersion
lenovo:switch_centerlenovo switch centerle8.1.1.0

CPE	Name	Operator	Version
lenovo:switch_center	lenovo switch center	le	8.1.1.0

References

www.zerodayinitiative.com/advisories/ZDI-15-554/

support.lenovo.com/us/en/product_security/len_2015_074

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.225 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2015-7820

zdi1 cvelist1 prion1 nvd1 ibm1 lenovo2