CVE-2015-7906

LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:loytec:l-switch_and_l-ip_firmware:6.0.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:loytec:linx-100:-:::::::*
	cpe:2.3:h:loytec:lip-3ectb:-:::::::*
	cpe:2.3:h:loytec:lip-me201:-:::::::*
	cpe:2.3:h:loytec:lvis-3e100:-:::::::*

History

No history.

Information

Published : 2015-12-21 11:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-7906

Mitre link : CVE-2015-7906

CVE.ORG link : CVE-2015-7906

JSON object : View

Products Affected

loytec

linx-100
l-switch_and_l-ip_firmware
lip-3ectb
lvis-3e100
lip-me201

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2015-7906", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-12-21T11:59:08.143", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors."}, {"lang": "es", "value": "Dispositivos LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100 y LIP-ME201 permiten a atacantes remotos leer una contrase\u00f1a-hash de un archivo de copia de seguridad a trav\u00e9s de vectores no especificados."}], "lastModified": "2015-12-21T18:27:35.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:loytec:l-switch_and_l-ip_firmware:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F0795BA-5E7D-45BB-82FE-13F3368C097E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:loytec:linx-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "29BBF054-6B05-4F0C-8B17-FD148582B422"}, {"criteria": "cpe:2.3:h:loytec:lip-3ectb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F63CC388-013C-478C-B21A-8BBB305005D6"}, {"criteria": "cpe:2.3:h:loytec:lip-me201:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "842CB271-8A4A-4E29-B9CA-3B400005C947"}, {"criteria": "cpe:2.3:h:loytec:lvis-3e100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "873EF68F-6A26-4796-8221-C57ADC29BA41"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}