SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   HPE ProCurve Switch Vendors:   HPE
HP Network Switch Unspecified Flaws Let Local Users Bypass Security Restrictions and Gain Elevated Privileges
SecurityTracker Alert ID:  1034410
SecurityTracker URL:  http://securitytracker.com/id/1034410
CVE Reference:   CVE-2015-6859, CVE-2015-6860   (Links to External Site)
Updated:  Apr 5 2016
Original Entry Date:  Dec 14 2015
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): KB.15.18.0006, KB.15.18.0007
Description:   Two vulnerabilities were reported in HP Network Switches. A local user can obtain elevated privileges on the target system. A local user can bypass security restrictions.

A local authenticated user can bypass unspecified security restrictions [CVE-2015-6859].

A local user can gain full control of the target system [CVE-2015-6860].

The following model numbers are affected:

J9821A HP 5406R zl2 Switch
J9822A HP 5412R zl2 Switch
J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch
J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch
J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch
J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch
J9850A HP 5406R zl2 Switch
J9851A HP 5412R zl2 Switch
J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch

Impact:   A local user can obtain elevated privileges on the target system.

A local user can bypass security controls on the target system.

Solution:   The vendor has issued a fix (KB.15.18.0008, KB.16.01.0004).

The vendor's advisory is available at:

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04920918

Vendor URL:  h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04920918 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC