Details of VAR-201511-0266

ID

VAR-201511-0266

CVE

CVE-2015-7820

TITLE

IBM System Networking Switch Center and Lenovo Switch Center Vulnerable to gaining access to privileged accounts

Trust: 0.8

sources: JVNDB: JVNDB-2015-005921

DESCRIPTION

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. Authentication is not required to exploit this vulnerability.The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is the ability to specify any file on the system in ZipDownload.jsp. By combining these two vulnerabilities, an attacker can read arbitrary files on the system. This may aid in further attacks

Trust: 2.61

sources: NVD: CVE-2015-7820 // JVNDB: JVNDB-2015-005921 // ZDI: ZDI-15-554 // BID: 77554 // VULHUB: VHN-85781

AFFECTED PRODUCTS

vendor:	ibm	model:	system networking switch center	scope:	lte	version:	7.3.1.4	Trust: 1.0
vendor:	lenovo	model:	switch center	scope:	lte	version:	8.1.1.0	Trust: 1.0
vendor:	ibm	model:	system networking switch center	scope:	lt	version:	7.3.1.5	Trust: 0.8
vendor:	lenovo	model:	switch center	scope:	lt	version:	8.1.2.0	Trust: 0.8
vendor:	ibm	model:	system networking switch center	scope:	-	version:	-	Trust: 0.7
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.3.1.4	Trust: 0.6
vendor:	lenovo	model:	switch center	scope:	eq	version:	8.1.1.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.3.11	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.2.111	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.2.110	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.32	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.31	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.3.1.2	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.3.4	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.3.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.2.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1.1.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	eq	version:	7.1	Trust: 0.3
vendor:	lenovo	model:	switch center	scope:	ne	version:	8.1.2.0	Trust: 0.3
vendor:	ibm	model:	system networking switch center	scope:	ne	version:	7.3.1.5	Trust: 0.3

sources: ZDI: ZDI-15-554 // BID: 77554 // JVNDB: JVNDB-2015-005921 // CNNVD: CNNVD-201511-171 // NVD: CVE-2015-7820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7820
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7820
value:	HIGH
Trust: 0.8
ZDI:	CVE-2015-7820
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201511-171
value:	HIGH
Trust: 0.6
VULHUB:	VHN-85781
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7820
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.5
VULHUB:	VHN-85781
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-15-554 // VULHUB: VHN-85781 // JVNDB: JVNDB-2015-005921 // CNNVD: CNNVD-201511-171 // NVD: CVE-2015-7820

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-85781 // JVNDB: JVNDB-2015-005921 // NVD: CVE-2015-7820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-171

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201511-171

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005921

PATCH

title:	LEN-2015-074	url:	https://support.lenovo.com/jp/ja/product_security/len_2015_074	Trust: 0.8
title:	IBM has issued an update to correct this vulnerability.	url:	https://support.lenovo.com/us/en/product_security/len_2015_074	Trust: 0.7
title:	Lenovo Switch Center Repair measures for competitive conditions	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58665	Trust: 0.6

sources: ZDI: ZDI-15-554 // JVNDB: JVNDB-2015-005921 // CNNVD: CNNVD-201511-171

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7820	Trust: 3.5
db:	ZDI	id:	ZDI-15-554	Trust: 3.5
db:	JVNDB	id:	JVNDB-2015-005921	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3011	Trust: 0.7
db:	CNNVD	id:	CNNVD-201511-171	Trust: 0.7
db:	BID	id:	77554	Trust: 0.4
db:	SEEBUG	id:	SSVID-89838	Trust: 0.1
db:	VULHUB	id:	VHN-85781	Trust: 0.1

sources: ZDI: ZDI-15-554 // VULHUB: VHN-85781 // BID: 77554 // JVNDB: JVNDB-2015-005921 // CNNVD: CNNVD-201511-171 // NVD: CVE-2015-7820

REFERENCES

url:	http://www.zerodayinitiative.com/advisories/zdi-15-554/	Trust: 2.8
url:	https://support.lenovo.com/us/en/product_security/len_2015_074	Trust: 2.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7820	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7820	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3

sources: ZDI: ZDI-15-554 // VULHUB: VHN-85781 // BID: 77554 // JVNDB: JVNDB-2015-005921 // CNNVD: CNNVD-201511-171 // NVD: CVE-2015-7820

CREDITS

Andrea Micalizzi (rgod)

Trust: 1.6

sources: ZDI: ZDI-15-554 // BID: 77554 // CNNVD: CNNVD-201511-171

SOURCES

db:	ZDI	id:	ZDI-15-554
db:	VULHUB	id:	VHN-85781
db:	BID	id:	77554
db:	JVNDB	id:	JVNDB-2015-005921
db:	CNNVD	id:	CNNVD-201511-171
db:	NVD	id:	CVE-2015-7820

LAST UPDATE DATE

2025-04-13T23:35:06.014000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-554	date:	2015-11-10T00:00:00
db:	VULHUB	id:	VHN-85781	date:	2015-11-12T00:00:00
db:	BID	id:	77554	date:	2015-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-005921	date:	2015-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201511-171	date:	2015-11-13T00:00:00
db:	NVD	id:	CVE-2015-7820	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-554	date:	2015-11-10T00:00:00
db:	VULHUB	id:	VHN-85781	date:	2015-11-12T00:00:00
db:	BID	id:	77554	date:	2015-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-005921	date:	2015-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201511-171	date:	2015-11-11T00:00:00
db:	NVD	id:	CVE-2015-7820	date:	2015-11-12T03:59:08.500