Vulnerability Details: CVE-2015-5293
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2015-5293
- cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5293
0.16%: Probability of exploitation activity in the next 30 days
~52%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5293
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2015-5293
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5293
- https://access.redhat.com/security/cve/CVE-2015-5293
  CVE-2015-5293 - Red Hat Customer Portal (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1267714
  1267714 – (CVE-2015-5293) CVE-2015-5293 RHEV: When "boot protocol" is set to None on an interface, interface still gets IPv6 address (Issue Tracking; VDB Entry; Vendor Advisory)