Details of VAR-201511-0265

ID

VAR-201511-0265

CVE

CVE-2015-7819

TITLE

IBM System Networking Switch Center and Lenovo Switch Center of DB Vulnerability in obtaining information about important administrator accounts in the service

Trust: 0.8

sources: JVNDB: JVNDB-2015-005920

DESCRIPTION

The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC DB Service, that listens by default on port 40999. This service allows an unauthenticated user to obtain the account details for the SNSC Administrator, including the password. The password is stored using reversible encryption, and both the key and salt are static. An attacker can use this information to obtain the plaintext password for the SNSC Administrator or any other known account. Attackers can exploit this issue to obtain sensitive information or perform unauthorized actions. This may lead to further attacks

Trust: 2.61

sources: NVD: CVE-2015-7819 // JVNDB: JVNDB-2015-005920 // ZDI: ZDI-15-552 // BID: 77551 // VULHUB: VHN-85780

AFFECTED PRODUCTS

vendor:	ibm	model:	system networking switch center	scope:	lte	version:	7.3.1.4	Trust: 1.0
vendor:	lenovo	model:	switch center	scope:	lte	version:	8.1.1.0	Trust: 1.0
vendor:	ibm	model:	system networking switch center	scope:	lt	version:	7.3.1.5	Trust: 0.8
vendor:	lenovo	model:	switch center	scope:	lt	version:	8.1.2.0	Trust: 0.8
vendor:	ibm	model:	system networking switch center	scope:	-	version:	-	Trust: 0.7
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.3.1.4	Trust: 0.6
vendor:	lenovo	model:	switch center	scope:	eq	version:	8.1.1.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.3.11	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.2.111	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.2.110	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.32	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.31	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.3.1.2	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.3.4	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.3.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.2.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.1.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1	Trust: 0.3
vendor:	lenovo	model:	switch center	scope:	ne	version:	8.1.2.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	ne	version:	7.3.1.5	Trust: 0.3

sources: ZDI: ZDI-15-552 // BID: 77551 // JVNDB: JVNDB-2015-005920 // CNNVD: CNNVD-201511-169 // NVD: CVE-2015-7819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7819
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7819
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2015-7819
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201511-169
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85780
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7819
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2015-7819
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-85780
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-15-552 // VULHUB: VHN-85780 // JVNDB: JVNDB-2015-005920 // CNNVD: CNNVD-201511-169 // NVD: CVE-2015-7819

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-85780 // JVNDB: JVNDB-2015-005920 // NVD: CVE-2015-7819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-169

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201511-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005920

PATCH

title:	LEN-2015-074	url:	https://support.lenovo.com/us/en/product_security/len_2015_074	Trust: 1.5
title:	Lenovo Switch Center Repair measures for trust management vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58663	Trust: 0.6

sources: ZDI: ZDI-15-552 // JVNDB: JVNDB-2015-005920 // CNNVD: CNNVD-201511-169

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7819	Trust: 3.5
db:	ZDI	id:	ZDI-15-552	Trust: 3.2
db:	JVNDB	id:	JVNDB-2015-005920	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3010	Trust: 0.7
db:	CNNVD	id:	CNNVD-201511-169	Trust: 0.7
db:	BID	id:	77551	Trust: 0.4
db:	ZDI	id:	ZDI-15-551	Trust: 0.3
db:	SEEBUG	id:	SSVID-89776	Trust: 0.1
db:	VULHUB	id:	VHN-85780	Trust: 0.1

sources: ZDI: ZDI-15-552 // VULHUB: VHN-85780 // BID: 77551 // JVNDB: JVNDB-2015-005920 // CNNVD: CNNVD-201511-169 // NVD: CVE-2015-7819

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len_2015_074	Trust: 2.7
url:	http://www.zerodayinitiative.com/advisories/zdi-15-552/	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7819	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7819	Trust: 0.8
url:	http://www.ibm.com	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-551/	Trust: 0.3

sources: ZDI: ZDI-15-552 // VULHUB: VHN-85780 // BID: 77551 // JVNDB: JVNDB-2015-005920 // CNNVD: CNNVD-201511-169 // NVD: CVE-2015-7819

CREDITS

rgod

Trust: 1.6

sources: ZDI: ZDI-15-552 // BID: 77551 // CNNVD: CNNVD-201511-169

SOURCES

db:	ZDI	id:	ZDI-15-552
db:	VULHUB	id:	VHN-85780
db:	BID	id:	77551
db:	JVNDB	id:	JVNDB-2015-005920
db:	CNNVD	id:	CNNVD-201511-169
db:	NVD	id:	CVE-2015-7819

LAST UPDATE DATE

2025-04-13T23:23:42.557000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-552	date:	2015-11-10T00:00:00
db:	VULHUB	id:	VHN-85780	date:	2015-11-12T00:00:00
db:	BID	id:	77551	date:	2015-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-005920	date:	2015-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201511-169	date:	2015-11-13T00:00:00
db:	NVD	id:	CVE-2015-7819	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-552	date:	2015-11-10T00:00:00
db:	VULHUB	id:	VHN-85780	date:	2015-11-12T00:00:00
db:	BID	id:	77551	date:	2015-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-005920	date:	2015-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201511-169	date:	2015-11-11T00:00:00
db:	NVD	id:	CVE-2015-7819	date:	2015-11-12T03:59:07.530