Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Virtualization Manager

Configuration 1 [-]

cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://access.redhat.com/security/cve/CVE-2015-5293 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1267714 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2015-5293 cve-icon
https://www.cve.org/CVERecord?id=CVE-2015-5293 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-08-24T20:00:00

Updated: 2024-08-06T06:41:09.513Z

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5293

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2017-08-24T20:29:00.360

Modified: 2017-09-07T15:26:42.280

Link: CVE-2015-5293

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-09-30T00:00:00Z

Links: CVE-2015-5293 - Bugzilla