CVE-2015-5293 - OpenCVE

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Virtualization Manager

Configuration 1 [-]

cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2015-5293	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1267714	Issue Tracking VDB Entry Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-08-24T20:00:00

Updated: 2017-08-24T19:57:01

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5293

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-08-24T20:29:00.360

Modified: 2017-09-07T15:26:42.280

Link: CVE-2015-5293

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA4F0F1E-C7B8-4650-B27A-D30FCD7CACF4", "versionEndIncluding": "3.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when \"boot protocol\" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable."}, {"lang": "es", "value": "Red Hat Enterprise Virtualization Manager 3.6 y anteriores entrega direcciones SLAAC IPv6 v\u00e1lidas a interfaces cuando \"boot protocol\" se establece como None. Esto podr\u00eda permitir que atacantes remotos se comuniquen con un sistema dise\u00f1ado para ser inalcanzable."}], "id": "CVE-2015-5293", "lastModified": "2017-09-07T15:26:42.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-24T20:29:00.360", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2015-5293"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "VDB Entry", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267714"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}