CVE-2015-7819
IBM System Networking Switch Center DB Service Remote Elevation of Privilege Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.
This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the IBM SNSC DB Service, which listens by default on port 40999. This service allows an unauthenticated user to obtain the account details for the SNSC Administrator, including the password. The password is stored using reversible encryption, and both the key and salt are static. An attacker can use this information to obtain the plaintext password for the SNSC Administrator or any other known account.
Timeline
- 2015-10-14 CVE Reserved
- 2015-11-10 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-01 EPSS Updated
CWE
- CWE-255: Credentials Management Errors
References (2)
URL | Tag | Source |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-15-552 | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://support.lenovo.com/us/en/product_security/len_2015_074 | 2015-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Lenovo | Switch Center | <= 8.1.1.0 | - | Affected |
IBM | System Networking Switch Center | <= 7.3.1.4 | - | Affected |