CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.4 | $0-$5k | 0.00 |
A vulnerability was found in HP Network Switch up to 15.18. It has been declared as problematic. Affected by this vulnerability is an unknown code. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
The weakness was presented 12/11/2015 as c04920918 as confirmed security bulletin (Website). It is possible to read the advisory at h20564.www2.hpe.com. This vulnerability is known as CVE-2015-6859 since 09/10/2015. Attacking locally is a requirement. A single authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
Upgrading to version 15.18.0007 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at SecurityTracker (ID 1034410†). See VDB-79784 for similar entry.
Affected
- J8692A HP 3500-24G-PoE yl Switch
- J8693A HP 3500-48G-PoE yl Switch
- J8697A HP E5406 zl Switch Chassis
- J8698A HP E5412 zl Switch Chassis
- J8699A HP 5406-48G zl Switch
- J8700A HP 5412-96G zl Switch
- J8715A ProCurve Switch 8212zl Base System
- J8715B HP E8212 zl Switch Base System
- J8992A HP 6200-24G-mGBIC yl Switch
- J9091A ProCurve Switch 8212zl Chassis and Fan Tray
- J9263A HP E6600-24G Switch
- J9264A HP 6600-24G-4XG Switch
- J9265A HP 6600-24XG Switch
- J9310A HP 3500-24G-PoE+ yl Switch
- J9311A HP 3500-48G-PoE+ yl Switch
- J9447A HP 5406-44G-PoE+-4SFP zl Switch
- J9448A HP 5412-92G-PoE+-4SFP zl Switch
- J9451A HP E6600-48G Switch
- J9452A HP 6600-48G-4XG Switch
- J9470A HP 3500-24 Switch
- J9471A HP 3500-24-PoE Switch
- J9472A HP 3500-48 Switch
- J9473A HP 3500-48-PoE Switch
- J9475A HP E8206 zl Switch Base System
- J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW
- J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW
- J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW
- J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW
- J9573A HP 3800-24G-PoE+-2SFP+ Switch
- J9574A HP 3800-48G-PoE+-4SFP+ Switch
- J9575A HP 3800-24G-2SFP+ Switch
- J9576A HP 3800-48G-4SFP+ Switch
- J9584A HP 3800-24SFP-2SFP+ Switch
- J9585A HP 3800-24G-2XG Switch
- J9586A HP 3800-48G-4XG Switch
- J9587A HP 3800-24G-PoE+-2XG Switch
- J9588A HP 3800-48G-PoE+-4XG Switch
- J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW
- J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW
- J9640A HP 8206 zl Switch w/Premium Software
- J9641A HP 8212 zl Switch with Premium SW
- J9642A HP 5406 zl Switch with Premium Software
- J9643A HP 5412 zl Switch with Premium Software
- J9821A HP 5406R zl2 Switch
- J9822A HP 5412R zl2 Switch
- J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch
- J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch
- J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch
- J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch
- J9850A HP 5406R zl2 Switch
- J9851A HP 5412R zl2 Switch
- J9866A HP 5406 8p10GT 8p10GE Swch and Psw
- J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.4
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Network Switch 15.18.0007
Timeline
09/10/2015 🔍12/11/2015 🔍
12/11/2015 🔍
12/14/2015 🔍
12/15/2015 🔍
01/05/2016 🔍
07/01/2022 🔍
Sources
Vendor: hp.comAdvisory: c04920918
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-6859 (🔍)
SecurityTracker: 1034410
See also: 🔍
Entry
Created: 12/15/2015 09:28 AMUpdated: 07/01/2022 07:30 AM
Changes: 12/15/2015 09:28 AM (49), 05/03/2018 12:16 PM (8), 07/01/2022 07:30 AM (13)
Complete: 🔍
Cache ID: 35:F0A:40
No comments yet. Languages: en.
Please log in to comment.