Access Bypass Vulnerability in HPE Network Switches
CVE-2015-6860

8.4HIGH

Key Information:

Vendor: HP
Status: Network Switch Software; J8692a; J8693a; J8697a
Vendor: CVE Published:; 5 January 2016

Summary

The vulnerability allows authenticated local users to bypass intended access restrictions on HPE Network Switches running software versions 15.16.x and 15.17.x. By exploiting this flaw, users may gain unauthorized access to restricted functions or data. This issue arises from unspecified vectors, which have not been publicly disclosed, leading to potential security risks on affected devices. It is crucial for administrators to evaluate their systems and apply necessary mitigations or updates.

References

http://www.securitytracker.com/id/1034410

vdb-entryx_refsource_SECTRACK

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2016
Vulnerability Reserved
Sep 10, 2015