CVE-2015-5434

MEDIUM

HPE Networking Products - Auth Bypass

Title source: llm

Description

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

References (2)

[Patch, Vendor Advisory] https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/79869

Scores

CVSS v3 6.5

EPSS 0.0070

EPSS Percentile 71.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Classification

CWE

CWE-264

Status draft

Affected Products (50)

hp/jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd

hp/jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taa

hp/jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fg

hp/jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taa

hp/jg798a_hp_flexfabric_12508e_fabric

hp/jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluation

hp/jh192a_hp_10500_48-port_gig-t_\(rj45\)_se

hp/jh196a_hp_10500_2-port_100gbe_cfp_ec

hp/jc072b_hp_12500_main_processing_unit

hp/jc085a_hp_a12518_switch_chassis

hp/jc086a_hp_a12508_switch_chassis

hp/jc124a_hp_a9508_switch_chassis

hp/jc124b_hp_9505_switch_chassis

hp/jc125a_hp_a9512_switch_chassis

hp/jc125b_hp_9512_switch_chassis

... and 35 more

Timeline

Published Jan 05, 2016

Tracked Since Feb 18, 2026