CVE-2015-5293

CWE-284 — Improper Access Control5 documents5 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 48.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization Manager

Timeline

PublishedAug 24

Latest updateMay 17

Description

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization_manager3.6.0

🔴Vulnerability Details

GHSA

GHSA-6v73-859g-p6w8: Red Hat Enterprise Virtualization Manager 3↗2022-05-17

▶

CVEList

CVE-2015-5293: Red Hat Enterprise Virtualization Manager 3↗2017-08-24

▶

📋Vendor Advisories

Red Hat

RHEV: When "boot protocol" is set to None on an interface, interface still gets IPv6 address↗2015-09-30

▶

💬Community

Bugzilla

CVE-2015-5293 RHEV: When "boot protocol" is set to None on an interface, interface still gets IPv6 address↗2015-09-30

▶