nvd-json-data-feeds/CVE-2015/CVE-2015-72xx/CVE-2015-7279.json

{
  "id": "CVE-2015-7279",
  "sourceIdentifier": "cret@cert.org",
  "published": "2015-12-31T05:59:21.337",
  "lastModified": "2016-11-28T19:42:54.870",
  "vulnStatus": "Modified",
  "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/331.html\">CWE-331: Insufficient Entropy</a>",
  "descriptions": [
    {
      "lang": "en",
      "value": "Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value."
    },
    {
      "lang": "es",
      "value": "Dispositivos Amped Wireless R10000 con firmware 2.5.2.11 utilizan un algoritmo indebido para seleccionar un valor ID en la cabecera de una consulta DNS, lo que hace m\u00e1s f\u00e1cil para atacantes remotos suplantar respuestas prediciendo este valor."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ampedwireless:r10000_firmware:2.5.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "181B62A0-3475-4358-90F6-E729CF0F87C2"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:ampedwireless:r10000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6581CEAE-F9A9-478C-882E-469209384DA4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/78818",
      "source": "cret@cert.org"
    },
    {
      "url": "https://www.kb.cert.org/vuls/id/763576",
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}