CVE-2015-5434 - Vulnerability Details

Description

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

Published: 2016-01-05

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:hp:jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd:-:::::::*
	cpe:2.3:a:hp:jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taa:-:::::::*
	cpe:2.3:a:hp:jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fg:-:::::::*
	cpe:2.3:a:hp:jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taa:-:::::::*
	cpe:2.3:a:hp:jg798a_hp_flexfabric_12508e_fabric:-:::::::*
	cpe:2.3:a:hp:jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluation:-:::::::*
	cpe:2.3:a:hp:jh192a_hp_10500_48-port_gig-t_\(rj45\)_se:-:::::::*
	cpe:2.3:a:hp:jh196a_hp_10500_2-port_100gbe_cfp_ec:-:::::::*
	cpe:2.3:h:hp:jc072b_hp_12500_main_processing_unit:-:::::::*
	cpe:2.3:h:hp:jc085a_hp_a12518_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc086a_hp_a12508_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc124a_hp_a9508_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc124b_hp_9505_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc125a_hp_a9512_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc125b_hp_9512_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc474a_hp_a9508-v_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc474b_hp_9508-v_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc611a_hp_10508-v_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc612a_hp_10508_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc613a_hp_10504_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc652a_hp_12508_dc_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc653a_hp_12518_dc_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc654a_hp_12504_ac_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc655a_hp_12504_dc_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc748a_hp_10512_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jc808a_hp_12500_taa_main_processing_unit:-:::::::*
	cpe:2.3:h:hp:jf430a_hp_a12518_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jf430b_hp_12518_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jf430c_hp_12518_ac_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jf431a_hp_a12508_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jf431b_hp_12508_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jf431c_hp_12508_ac_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jg296a_hp_5920af-24xg_switch:-:::::::*
	cpe:2.3:h:hp:jg353a_hp_hsr6602-g_router:-:::::::*
	cpe:2.3:h:hp:jg354a_hp_hsr6602-xg_router:-:::::::*
	cpe:2.3:h:hp:jg361a_hp_hsr6802_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg361b_hp_hsr6802_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg362a_hp_hsr6804_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg362b_hp_hsr6804_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg363a_hp_hsr6808_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg363b_hp_hsr6808_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg364a_hp_hsr6800_rse-x2_router_main_processing_unit:-:::::::*
	cpe:2.3:h:hp:jg402a_hp_msr4080_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg403a_hp_msr4060_router_chassis:-:::::::*
	cpe:2.3:h:hp:jg404a_hp_msr3064_router:-:::::::*
	cpe:2.3:h:hp:jg405a_hp_msr3044_router:-:::::::*
	cpe:2.3:h:hp:jg406a_hp_msr3024_ac_router:-:::::::*
	cpe:2.3:h:hp:jg407a_hp_msr3024_dc_router:-:::::::*
	cpe:2.3:h:hp:jg408a_hp_msr3024_poe_router:-:::::::*
	cpe:2.3:h:hp:jg409a_hp_msr3012_ac_router:-:::::::*
	cpe:2.3:h:hp:jg410a_hp_msr3012_dc_router:-:::::::*
	cpe:2.3:h:hp:jg411a_hp_msr2003_ac_router:-:::::::*
	cpe:2.3:h:hp:jg412a_hp_msr4000_mpu-100_main_processing_unit:-:::::::*
	cpe:2.3:h:hp:jg555a_hp_5920af-24xg_taa_switch:-:::::::*
	cpe:2.3:h:hp:jg734a_hp_msr2004-24_ac_router:-:::::::*
	cpe:2.3:h:hp:jg735a\)_hp_msr2004-48_router:-:::::::*
	cpe:2.3:h:hp:jg776a_hp_hsr6602-g_taa-compliant_router:-:::::::*
	cpe:2.3:h:hp:jg777a_hp_hsr6602-xg_taa-compliant_router:-:::::::*
	cpe:2.3:h:hp:jg779a_hp_hsr6800_rse-x2_router_taa-compliant_main_processing_unit:-:::::::*
	cpe:2.3:h:hp:jg782a_hp_ff_12508e_ac_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jg783a_hp_ff_12508e_dc_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jg784a_hp_ff_12518e_ac_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jg785a_hp_ff_12518e_dc_switch_chassis:-:::::::*
	cpe:2.3:h:hp:jg802a_hp_ff_12500e_mpu:-:::::::*
cpe:2.3:h:hp:jg803a_hp_flexfabric_12500e_taa-compliant_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg811aae_hp_vsr1001_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg812aae_hp_vsr1004_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg813aae_hp_vsr1008_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg820a_hp_10504_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg821a_hp_10508_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg822a_hp_10508-v_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg823a_hp_10512_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg834a_hp_flexfabric_12508e_ac_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg835a_hp_flexfabric_12508e_dc_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg836a_hp_flexfabric_12518e_ac_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg837a_hp_flexfabric_12518e_dc_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg861a_hp_msr3024_taa-compliant_ac_router:-:::::::*
cpe:2.3:h:hp:jg866a_hp_msr2003_taa-compliant_ac_router:-:::::::*
cpe:2.3:h:hp:jg869a_hp_msr4000_taa-compliant_mpu-100_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg875a_hp_msr1002-4_ac_router:-:::::::*
cpe:2.3:h:hp:jh060a_hp_msr1003-8s_ac_router:-:::::::*
cpe:2.3:h:hp:jh075a\)_hp_hsr6800_rse-x3_router_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jh179a_hp_flexfabric_5930_4-slot_switch:-:::::::*
cpe:2.3:h:hp:jh188a_hp_flexfabric_5930_4-slot_taa-compliant_switch:-:::::::*
cpe:2.3:o:hp:jg496a_hp_10500_type_a_mpu_with_comware:7.0:::::::*
cpe:2.3:o:hp:jg497a_hp_12500_mpu_w\/comware:7.0:::::::*
cpe:2.3:o:hp:jh198a_hp_10500_type_d_main_processing_unit_with_comware:7.0:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2015-5390	HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00699.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.securityfocus.com/bid/79869
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

History

No history.

Subscriptions

Hp Jc072b Hp 12500 Main Processing Unit Jc085a Hp A12518 Switch Chassis Jc086a Hp A12508 Switch Chassis Jc124a Hp A9508 Switch Chassis Jc124b Hp 9505 Switch Chassis Jc125a Hp A9512 Switch Chassis Jc125b Hp 9512 Switch Chassis Jc474a Hp A9508-v Switch Chassis Jc474b Hp 9508-v Switch Chassis Jc611a Hp 10508-v Switch Chassis Jc612a Hp 10508 Switch Chassis Jc613a Hp 10504 Switch Chassis Jc652a Hp 12508 Dc Switch Chassis Jc653a Hp 12518 Dc Switch Chassis Jc654a Hp 12504 Ac Switch Chassis Jc655a Hp 12504 Dc Switch Chassis Jc748a Hp 10512 Switch Chassis Jc808a Hp 12500 Taa Main Processing Unit Jf430a Hp A12518 Switch Chassis Jf430b Hp 12518 Switch Chassis Jf430c Hp 12518 Ac Switch Chassis Jf431a Hp A12508 Switch Chassis Jf431b Hp 12508 Switch Chassis Jf431c Hp 12508 Ac Switch Chassis Jg296a Hp 5920af-24xg Switch Jg353a Hp Hsr6602-g Router Jg354a Hp Hsr6602-xg Router Jg361a Hp Hsr6802 Router Chassis Jg361b Hp Hsr6802 Router Chassis Jg362a Hp Hsr6804 Router Chassis Jg362b Hp Hsr6804 Router Chassis Jg363a Hp Hsr6808 Router Chassis Jg363b Hp Hsr6808 Router Chassis Jg364a Hp Hsr6800 Rse-x2 Router Main Processing Unit Jg402a Hp Msr4080 Router Chassis Jg403a Hp Msr4060 Router Chassis Jg404a Hp Msr3064 Router Jg405a Hp Msr3044 Router Jg406a Hp Msr3024 Ac Router Jg407a Hp Msr3024 Dc Router Jg408a Hp Msr3024 Poe Router Jg409a Hp Msr3012 Ac Router Jg410a Hp Msr3012 Dc Router Jg411a Hp Msr2003 Ac Router Jg412a Hp Msr4000 Mpu-100 Main Processing Unit Jg496a Hp 10500 Type A Mpu With Comware Jg497a Hp 12500 Mpu W\/comware Jg555a Hp 5920af-24xg Taa Switch Jg734a Hp Msr2004-24 Ac Router Jg735a\) Hp Msr2004-48 Router Jg776a Hp Hsr6602-g Taa-compliant Router Jg777a Hp Hsr6602-xg Taa-compliant Router Jg779a Hp Hsr6800 Rse-x2 Router Taa-compliant Main Processing Unit Jg782a Hp Ff 12508e Ac Switch Chassis Jg783a Hp Ff 12508e Dc Switch Chassis Jg784a Hp Ff 12518e Ac Switch Chassis Jg785a Hp Ff 12518e Dc Switch Chassis Jg786a Hp Flexfabric 12500 4-port 100gbe Cfp Fd Jg787a Hp Flexfabric 12500 4-port 100gbe Cfp Fd Taa Jg788a Hp Flexfabric 12500 4-port 100gbe Cfp Fg Jg789a Hp Flexfabric 12500 4-port 100gbe Cfp Fg Taa Jg798a Hp Flexfabric 12508e Fabric Jg802a Hp Ff 12500e Mpu Jg803a Hp Flexfabric 12500e Taa-compliant Main Processing Unit Jg810aae Hp Vsr1001 Virtual Services Router 60 Day Evaluation Jg811aae Hp Vsr1001 Comware 7 Virtual Services Router Jg812aae Hp Vsr1004 Comware 7 Virtual Services Router Jg813aae Hp Vsr1008 Comware 7 Virtual Services Router Jg820a Hp 10504 Taa Switch Chassis Jg821a Hp 10508 Taa Switch Chassis Jg822a Hp 10508-v Taa Switch Chassis Jg823a Hp 10512 Taa Switch Chassis Jg834a Hp Flexfabric 12508e Ac Switch Taa-compliant Chassis Jg835a Hp Flexfabric 12508e Dc Switch Taa-compliant Chassis Jg836a Hp Flexfabric 12518e Ac Switch Taa-compliant Chassis Jg837a Hp Flexfabric 12518e Dc Switch Taa-compliant Chassis Jg861a Hp Msr3024 Taa-compliant Ac Router Jg866a Hp Msr2003 Taa-compliant Ac Router Jg869a Hp Msr4000 Taa-compliant Mpu-100 Main Processing Unit Jg875a Hp Msr1002-4 Ac Router Jh060a Hp Msr1003-8s Ac Router Jh075a\) Hp Hsr6800 Rse-x3 Router Main Processing Unit Jh179a Hp Flexfabric 5930 4-slot Switch Jh188a Hp Flexfabric 5930 4-slot Taa-compliant Switch Jh192a Hp 10500 48-port Gig-t \(rj45\) Se Jh196a Hp 10500 2-port 100gbe Cfp Ec Jh198a Hp 10500 Type D Main Processing Unit With Comware

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2016-01-05T11:00:00.000Z

Updated: 2024-08-06T06:50:01.997Z

Reserved: 2015-07-07T00:00:00.000Z

Link: CVE-2015-5434

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-01-05T11:59:00.097

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-5434

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object