admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2015/CVE-2015-29xx/CVE-2015-2914.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

126 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2015-2914",
"sourceIdentifier": "cret@cert.org",
"published": "2015-09-21T10:59:01.960",
"lastModified": "2015-09-30T18:18:32.037",
"vulnStatus": "Analyzed",
"evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/330.html\">CWE-330: Use of Insufficiently Random Values</a>",
"descriptions": [
{
"lang": "en",
"value": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296."
},
{
"lang": "es",
"value": "Vulnerabilidad en dispositivos Securifi Almond con firmware anterior a AL1-R201EXP10-L304-W34 y dispositivos Almond-2015 con firmware anterior a AL2-R088M, usan un n\u00famero de puerto de origen fijo en consultas DNS de salida realizadas en nombre de cualquier dispositivo, lo cual hace m\u00e1s f\u00e1cil para atacantes remotos suplantar respuestas mediante el uso de este n\u00famero para el puerto de destino, una vulnerabilidad diferente a CVE-2015-7296."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "al1-r201exp10-l304-w33",
"matchCriteriaId": "D0F8D06E-B50D-41E8-9B53-DB023EC5DB3A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E395E7-282D-453B-9263-1147F1C68725"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "al2-r088",
"matchCriteriaId": "BCC7722A-CB7A-4E3E-9858-5601DB8BCA7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FB54DB-EC2A-43EC-9EE8-C0FAFADBD912"
}
]
}
]
}
],
"references": [
{
"url": "http://www.kb.cert.org/vuls/id/906576",
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink