**Lenovo Security Advisory:** LEN-2015-074, LEN-2746
**Potential Impact:** Escalation of Privileges
**Severity:** High
**Summary:** Multiple vulnerabilities have been identified in the following products:
- IBM System Networking Switch Center
- Lenovo Switch Center
**Description:**
Lenovo Switch Center, previously known as IBM System Networking Switch Center before it was acquired by Lenovo as part of its purchase of the IBM x86 server business, is a utility that provides remote monitoring and management of Ethernet and converged switches from Lenovo and IBM. It is designed to simplify and centralize the management of Lenovo and IBM BladeCenter, Flex System and RackSwitch Ethernet and converged switches.
Multiple local privilege escalation vulnerabilities have been identified in these two products: Unprivileged local users may be able to run a command or code with escalated privileges on the system, unauthenticated users may be able to remotely obtain the encrypted administrator password, or the session user ID may be temporarily set to a valid ID used to log in.
**Affected Products and Versions:**
This vulnerability affects all versions of IBM System Networking Switch Center prior to and including 7.1.3.4 and Lenovo Switch Center 8.1.1.0.
**Mitigation Strategy for Customers (what you should do to protect yourself):**
Products that are still under a support contract can be upgraded to either IBM System Networking Switch Center 7.3.1.5 or Lenovo Switch Center 8.1.2.0, available from [IBM Passport Advantage](http://www-01.ibm.com/software/howtobuy/passportadvantage/).
**Acknowledgements:**
Thanks to rgod working with HP’s Zero Day Initiative.
**Other information and references:**
CVE ID: CVE-2015-7817; CVE-2015-7818; CVE-2015-7819; CVE-2015-7820
ZDI Reference: ZDI-CAN-3008; ZDI-CAN-3009; ZDI-CAN-3010; ZDI-CAN-3011; ZDI-CAN-3012
**Revision History:**
Revision | Date | Description
---|---|---
1.0 | 11/05/2015 | Initial release
{"id": "LENOVO:PS500025-NOSID", "vendorId": null, "type": "lenovo", "bulletinFamily": "info", "title": "Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center", "description": "**Lenovo Security Advisory:**LEN-2015-074, LEN-2746 \n**Potential Impact:** Escalation of Privileges \n****Severity****: High\n\n**Summary:** Multiple vulnerabilities have been identified in the following products:\n\n\\- IBM System Networking Switch Center \n\\- Lenovo Switch Center \n\n**Description:**\n\nLenovo Switch Center, previously known as IBM System Networking Switch Center before it was acquired by Lenovo as part of its purchase of the IBM x86 server business, is a utility that provides remote monitoring and management of Ethernet and converged switches from Lenovo and IBM. It is designed to simplify and centralize the management of Lenovo and IBM BladeCenter, Flex System and RackSwitch Ethernet and converged switches.\n\nMultiple local privilege escalation vulnerabilities have been identified in these two products: Unprivileged local users may be able to run a command or code with escalated privileges on the system, unauthenticated users may be able to remotely obtain the encrypted administrator password, or the session user ID may be temporarily set to a valid ID used to log in.\n\n**Affected Products and Versions:**\n\nThis vulnerability affects all versions of IBM System Networking Switch Center prior to and including 7.1.3.4 and Lenovo Switch Center 8.1.1.0\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nProducts that are still under a support contract can be upgraded to either IBM System Networking Switch Center 7.3.1.5 or Lenovo Switch Center 8.1.2.0 available from [IBM Passport Advantage](<http://www-01.ibm.com/software/howtobuy/passportadvantage/>)\n\n**Acknowledgements: **\n\nThanks to rgod working with HP\u2019s Zero Day Initiative.\n\n**Other information and references:**\n\nCVE ID: 
CVE-2015-7817; CVE-2015-7818; CVE-2015-7819;CVE-2015-7820\n\nZDI Reference: ZDI-CAN-3008; ZDI-CAN-3009; ZDI-CAN-3010; ZDI-CAN-3011; ZDI-CAN-3012\n\n**Revision History:**\n\n****Revision****\n\n| \n\n****Date****\n\n| \n\n****Description**** \n \n---|---|--- \n** 1.0** | ** 11/05/2015** | ** Initial release**\n", "published": "2017-01-23T00:00:00", "modified": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://support.lenovo.com/us/en/product_security/len_2015_074", "reporter": "Lenovo", "references": [], "cvelist": ["CVE-2015-7820", "CVE-2015-7817", "CVE-2015-7819", "CVE-2015-7818"], "immutableFields": [], "lastseen": "2018-02-21T17:01:58", "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-7817", "CVE-2015-7818", "CVE-2015-7819", "CVE-2015-7820"]}, {"type": "zdi", "idList": ["ZDI-15-551", "ZDI-15-552", "ZDI-15-553", "ZDI-15-554"]}], "rev": 4}, "score": {"value": 2.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2015-7817", "CVE-2015-7818", "CVE-2015-7819", "CVE-2015-7820"]}, {"type": "zdi", "idList": ["ZDI-15-553"]}]}, "exploitation": null, "vulnersScore": 2.0}, "_state": {"dependencies": 1647473500, "score": 1659788215}}
{"cve": [{"lastseen": "2022-03-23T14:00:42", "description": "Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.", "cvss3": {}, "published": "2015-11-12T03:59:00", "type": "cve", "title": "CVE-2015-7820", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7820"], "modified": "2015-11-12T18:46:00", "cpe": ["cpe:/a:lenovo:switch_center:8.1.1.0", "cpe:/a:ibm:system_networking_switch_center:7.3.1.4"], "id": "CVE-2015-7820", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7820", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:system_networking_switch_center:7.3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:lenovo:switch_center:8.1.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:00:42", "description": "The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.", "cvss3": {}, "published": "2015-11-12T03:59:00", "type": "cve", "title": "CVE-2015-7819", "cwe": ["CWE-255"], "bulletinFamily": "NVD", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7819"], "modified": "2015-11-12T18:49:00", "cpe": ["cpe:/a:lenovo:switch_center:8.1.1.0", "cpe:/a:ibm:system_networking_switch_center:7.3.1.4"], "id": "CVE-2015-7819", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7819", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:system_networking_switch_center:7.3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:lenovo:switch_center:8.1.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:00:37", "description": "Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.", "cvss3": {}, "published": "2015-11-12T03:59:00", "type": "cve", "title": "CVE-2015-7817", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7817"], "modified": 
"2015-11-12T19:06:00", "cpe": ["cpe:/a:lenovo:switch_center:8.1.1.0", "cpe:/a:ibm:system_networking_switch_center:7.3.1.4"], "id": "CVE-2015-7817", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7817", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:system_networking_switch_center:7.3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:lenovo:switch_center:8.1.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:00:38", "description": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.", "cvss3": {}, "published": "2015-11-12T03:59:00", "type": "cve", "title": "CVE-2015-7818", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7818"], "modified": "2015-11-12T19:04:00", "cpe": ["cpe:/a:lenovo:switch_center:8.1.1.0", "cpe:/a:ibm:system_networking_switch_center:7.3.1.4"], "id": "CVE-2015-7818", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7818", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ibm:system_networking_switch_center:7.3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:lenovo:switch_center:8.1.1.0:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2022-01-31T21:09:41", "description": "This vulnerability allows remote attackers to disclose information on vulnerable 
installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is the ability to specify any file on the system in ZipDownload.jsp. By combining these two vulnerabilities, an attacker can read arbitrary files on the system.", "cvss3": {}, "published": "2015-11-10T00:00:00", "type": "zdi", "title": "IBM System Networking Switch Center ZipDownload.jsp Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7820"], "modified": "2015-11-10T00:00:00", "id": "ZDI-15-554", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-554/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-01-31T21:09:40", "description": "This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC DB Service, that listens by default on port 40999. This service allows an unauthenticated user to obtain the account details for the SNSC Administrator, including the password. 
The password is stored using reversible encryption, and both the key and salt are static. An attacker can use this information to obtain the plaintext password for the SNSC Administrator or any other known account.", "cvss3": {}, "published": "2015-11-10T00:00:00", "type": "zdi", "title": "IBM System Networking Switch Center DB Service Remote Elevation of Privilege Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7819"], "modified": "2015-11-10T00:00:00", "id": "ZDI-15-552", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-552/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T21:09:40", "description": "This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is a directory traversal vulnerability in FileReader.jsp. 
By combining these two vulnerabilities, an attacker can read arbitrary text files on the system.", "cvss3": {}, "published": "2015-11-10T00:00:00", "type": "zdi", "title": "IBM System Networking Switch Center FileReader.jsp Directory Traversal Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7817"], "modified": "2015-11-10T00:00:00", "id": "ZDI-15-553", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-553/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-01-31T21:09:42", "description": "This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. Because this service offers access to the Apache Axis AdminService, an unprivileged local attacker can publish arbitrary classes with the deployment method. 
An attacker can leverage this access to install arbitrary .jsp files on the server, which will by default run under the context of SYSTEM.", "cvss3": {}, "published": "2015-11-10T00:00:00", "type": "zdi", "title": "IBM System Networking Switch Center Local Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7818"], "modified": "2015-11-10T00:00:00", "id": "ZDI-15-551", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-551/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}