CVE-2015-7296

2015-09-2110:59:09

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

70.0%

JSON

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914.

Affected configurations

Nvd

Node

securifialmond_firmwareRange≤al1-r201exp10-l304-w33

AND

securifialmond

Node

securifialmond-2015_firmwareRange≤al2-r088

AND

securifialmond-2015

VendorProductVersionCPE
securifialmond_firmware*cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*
securifialmond*cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*
securifialmond-2015_firmware*cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*
securifialmond-2015*cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
securifi	almond_firmware	*	cpe:2.3:o:securifi:almond_firmware::::::::
securifi	almond	*	cpe:2.3:h:securifi:almond::::::::
securifi	almond-2015_firmware	*	cpe:2.3:o:securifi:almond-2015_firmware::::::::
securifi	almond-2015	*	cpe:2.3:h:securifi:almond-2015::::::::