Vulnerability-Lookup

CVE-2015-7819 (GCVE-0-2015-7819)

Vulnerability from cvelistv5 – Published: 2015-11-12 02:00 – Updated: 2024-08-06 07:58

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2015-7819

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7819

Aliases

CVE-2015-7819

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7819",
    "description": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.",
    "id": "GSD-2015-7819"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7819"
      ],
      "details": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.",
      "id": "GSD-2015-7819",
      "modified": "2023-12-13T01:20:01.481589Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7819",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-552/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-552/"
          },
          {
            "name": "https://support.lenovo.com/us/en/product_security/len_2015_074",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.1.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7819"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/len_2015_074",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-552/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-552/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-11-12T18:49Z",
      "publishedDate": "2015-11-12T03:59Z"
    }
  }
}

GHSA-47GG-6526-HQ9V

Vulnerability from github – Published: 2022-05-17 04:02 – Updated: 2025-04-12 12:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7819"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-11-12T03:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.",
  "id": "GHSA-47gg-6526-hq9v",
  "modified": "2025-04-12T12:54:03Z",
  "published": "2022-05-17T04:02:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7819"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-552"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201511-0265

Vulnerability from variot - Updated: 2025-04-13 23:23

The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC DB Service, that listens by default on port 40999. This service allows an unauthenticated user to obtain the account details for the SNSC Administrator, including the password. The password is stored using reversible encryption, and both the key and salt are static. An attacker can use this information to obtain the plaintext password for the SNSC Administrator or any other known account. Attackers can exploit this issue to obtain sensitive information or perform unauthorized actions. This may lead to further attacks

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.3.1.4"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "8.1.1.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.3.1.5"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "8.1.2.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": null,
        "trust": 0.7,
        "vendor": "ibm",
        "version": null
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.3.1.4"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.1.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.11"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.111"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.110"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1.2"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.4"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.2.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1.5"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-552"
      },
      {
        "db": "BID",
        "id": "77551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7819"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:system_networking_switch_center",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:switch_center",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-552"
      },
      {
        "db": "BID",
        "id": "77551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      }
    ],
    "trust": 1.6
  },
  "cve": "CVE-2015-7819",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-7819",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-7819",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-85780",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7819",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7819",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2015-7819",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-169",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85780",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-552"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7819"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC DB Service, that listens by default on port 40999. This service allows an unauthenticated user to obtain the account details for the SNSC Administrator, including the password. The password is stored using reversible encryption, and both the key and salt are static. An attacker can use this information to obtain the plaintext password for the SNSC Administrator or any other known account. \nAttackers can exploit this issue to obtain sensitive information or perform unauthorized actions. This may lead to further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-552"
      },
      {
        "db": "BID",
        "id": "77551"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85780"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7819",
        "trust": 3.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-552",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3010",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "77551",
        "trust": 0.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-551",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89776",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85780",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-552"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85780"
      },
      {
        "db": "BID",
        "id": "77551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7819"
      }
    ]
  },
  "id": "VAR-201511-0265",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85780"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:23:42.557000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "LEN-2015-074",
        "trust": 1.5,
        "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
      },
      {
        "title": "Lenovo Switch Center Repair measures for trust management vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58663"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7819"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.7,
        "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
      },
      {
        "trust": 2.5,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-552/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7819"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7819"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-551/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-552"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85780"
      },
      {
        "db": "BID",
        "id": "77551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7819"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-15-552",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-85780",
        "ident": null
      },
      {
        "db": "BID",
        "id": "77551",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7819",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2015-11-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-552",
        "ident": null
      },
      {
        "date": "2015-11-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85780",
        "ident": null
      },
      {
        "date": "2015-11-10T00:00:00",
        "db": "BID",
        "id": "77551",
        "ident": null
      },
      {
        "date": "2015-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005920",
        "ident": null
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-169",
        "ident": null
      },
      {
        "date": "2015-11-12T03:59:07.530000",
        "db": "NVD",
        "id": "CVE-2015-7819",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2015-11-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-552",
        "ident": null
      },
      {
        "date": "2015-11-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85780",
        "ident": null
      },
      {
        "date": "2015-11-10T00:00:00",
        "db": "BID",
        "id": "77551",
        "ident": null
      },
      {
        "date": "2015-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005920",
        "ident": null
      },
      {
        "date": "2015-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-169",
        "ident": null
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-7819",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "IBM System Networking Switch Center and  Lenovo Switch Center of  DB Vulnerability in obtaining information about important administrator accounts in the service",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005920"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-169"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-07513

Vulnerability from cnvd - Published: 2015-11-13

Title

Lenovo Switch Center远程提权漏洞

Description

Lenovo Switch Center（前称IBM System Networking Switch Center）是中国联想（Lenovo）公司的一套用来远程监控和管理以太网融合交换机的应用程序。 IBM System Networking Switch Center 7.1.3.4及之前版本和Lenovo Switch Center 8.1.1.0版本存在远程提权漏洞。攻击者可利用该漏洞获取SNSC管理员账户的明文密码。

Severity

中

Patch Name

Lenovo Switch Center远程提权漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://support.lenovo.com/us/en/product_security/len_2015_074

Reference

http://www.zerodayinitiative.com/advisories/ZDI-15-552/

Impacted products

Name
['IBM System Networking Switch Center <=7.3.1.4', 'Lenovo Switch Center 8.1.1.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7819"
    }
  },
  "description": "Lenovo Switch Center\uff08\u524d\u79f0IBM System Networking Switch Center\uff09\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u6765\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u4ee5\u592a\u7f51\u878d\u5408\u4ea4\u6362\u673a\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nIBM System Networking Switch Center 7.1.3.4\u53ca\u4e4b\u524d\u7248\u672c\u548cLenovo Switch Center 8.1.1.0\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6SNSC\u7ba1\u7406\u5458\u8d26\u6237\u7684\u660e\u6587\u5bc6\u7801\u3002",
  "discovererName": "rgod",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://support.lenovo.com/us/en/product_security/len_2015_074",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07513",
  "openTime": "2015-11-13",
  "patchDescription": "Lenovo Switch Center\uff08\u524d\u79f0IBM System Networking Switch Center\uff09\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u6765\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u4ee5\u592a\u7f51\u878d\u5408\u4ea4\u6362\u673a\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\nIBM System Networking Switch Center 7.1.3.4\u53ca\u4e4b\u524d\u7248\u672c\u548cLenovo Switch Center 8.1.1.0\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6SNSC\u7ba1\u7406\u5458\u8d26\u6237\u7684\u660e\u6587\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo Switch Center\u8fdc\u7a0b\u63d0\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM System Networking Switch Center \u003c=7.3.1.4",
      "Lenovo Switch Center 8.1.1.0"
    ]
  },
  "referenceLink": "http://www.zerodayinitiative.com/advisories/ZDI-15-552/",
  "serverity": "\u4e2d",
  "submitTime": "2015-11-12",
  "title": "Lenovo Switch Center\u8fdc\u7a0b\u63d0\u6743\u6f0f\u6d1e"
}

FKIE_CVE-2015-7819

Vulnerability from fkie_nvd - Published: 2015-11-12 03:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-15-552/
cve@mitre.org	https://support.lenovo.com/us/en/product_security/len_2015_074	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-15-552/
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/len_2015_074	Vendor Advisory

Impacted products

	Vendor	Product	Version
	lenovo	switch_center	*
	ibm	system_networking_switch_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2AC6A9-DF5D-451C-83F6-BE2066527F30",
              "versionEndIncluding": "8.1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F78E25E-A371-486B-A7A4-C82F806266ED",
              "versionEndIncluding": "7.3.1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password."
    },
    {
      "lang": "es",
      "value": "El servicio DB en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener informaci\u00f3n sensible de la cuenta administrador a trav\u00e9s de una petici\u00f3n al puerto 40999, seg\u00fan lo demostrado por una contrase\u00f1a cifrada incorrectamente."
    }
  ],
  "id": "CVE-2015-7819",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-12T03:59:07.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-552/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-552/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7819 (GCVE-0-2015-7819)

GSD-2015-7819

GHSA-47GG-6526-HQ9V

VAR-201511-0265

CNVD-2015-07513

FKIE_CVE-2015-7819

Tags

Sightings

Nomenclature