cbcvebase.
CVE-2015-2924
published 2015-11-16

CVE-2015-2924: The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote…

PriorityP413low3.3CVSS 2.0
AVAACLAuNCNINAP
EPSS
1.20%
64.4th percentile
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.

Affected

6 ranges
VendorProductVersion rangeFixed in
debiannetwork-manager< network-manager 1.0.2-1 (bookworm)network-manager 1.0.2-1 (bookworm)
network-manager_projectnetwork-manager>= 0 < 1.0.2-11.0.2-1
network-manager_projectnetwork-manager>= 0 < 1.0.2-11.0.2-1
network-manager_projectnetwork-manager>= 0 < 1.0.2-11.0.2-1
network-manager_projectnetwork-manager>= 0 < 1.0.2-11.0.2-1
networkmanager_projectnetworkmanager<= 1.0.7

CVSS provenance

nvdv2.03.3LOWAV:A/AC:L/Au:N/C:N/I:N/A:P
osv3.3LOW
vendor_debian3.3LOW
vendor_redhat3.3LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.