CVE-2015-6237
CRITICALTripwire IP360 VnE Manager 7.2.2-7.2.6 - Unauthenticated Authentication Bypass via Privileged Commands
Title source: llmDescription
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536609/100/0/threaded
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Oct/20
Scores
CVSS v3
9.8
EPSS
0.0167
EPSS Percentile
73.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (3)
tripwire/ip360
7.2.2
tripwire/ip360
7.2.4
tripwire/ip360
7.2.5
Published
Dec 27, 2017
Tracked Since
Feb 18, 2026