CVE-2015-6551

{"id": "CVE-2015-6551", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2016-05-07T14:59:01.197", "references": [{"url": "http://www.securitytracker.com/id/1035704", "source": "secure@symantec.com"}, {"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets."}, {"lang": "es", "value": "Veritas NetBackup 7.x hasta la versi\u00f3n 7.5.0.7 y 7.6.0.x hasta la versi\u00f3n 7.6.0.4 y NetBackup Appliance hasta la versi\u00f3n 2.5.4 y 2.6.0.x hasta la versi\u00f3n 2.6.0.4 no utilizan TLS para el tr\u00e1fico de la consola de administraci\u00f3n al servidor NBU, lo que permite a atacantes remotos obtener informaci\u00f3n sensible husmeando la red en busca de paquetes de intercambio de clave."}], "lastModified": "2016-12-01T03:01:00.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99C75EB-3507-4704-A565-AB2CF5369A74"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC406C50-6C2B-4160-890F-29DC444DC886"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "778FBECC-2C4C-45D5-A1E8-6678C541AA02"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46E3145F-197D-4860-AF50-8970CC803BFA"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A17E4E50-9D65-460F-8BE1-27A174A6254A"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5A861A3-FF48-47AD-BDE0-323E12CB7819"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EC7B2BA-DC01-4611-921B-C8C94651F142"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7002266-E3B0-4A96-BE09-741A30E74B40"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04D8275D-EE04-4BF7-9482-AE75A2E21F0A"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C24158D-E922-4B07-8F67-58DD714346E5"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "658F2C00-3B49-4011-9F83-62ED504F7476"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A48563EA-D19E-4B62-8AE9-BE15D5EB8932"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E294AFF-E630-4A50-B3DE-E16AF3E595E3"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9465004-79E0-46B0-B66A-48F3665ADA8E"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE8A0C61-6B44-4344-AFC9-834B5B653B58"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F92467E-E91F-464F-B8C0-8724E4DB83CB"}, {"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACD568CB-7839-4DD4-AA6C-E3F14D54477B"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4356423A-17CF-4013-977B-F151BB5CC206"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF9E0A06-0022-43B1-9DFD-025D4FB13055"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40301990-E272-40C0-90B7-FCDA3B4B5CD3"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9163537F-6657-4758-A980-6CCC8283F51B"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAD0859E-A3D1-416B-B841-EB052CAF6CEA"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54A5CAC2-5DD8-4FAE-B661-32A0017A557A"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D741998D-20C0-4627-BF23-023D6C341746"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01F5DFE7-64AF-4228-A30A-340B7BAA86EE"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D479700-9A02-466B-A2CD-107F6EAF4AC5"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E185B358-0805-4241-9960-23216974BEFD"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B672A9C-7549-4120-A966-D24090575506"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E464653E-CFE4-4F9E-A021-DB16D9CE6046"}, {"criteria": "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}