CVSS score: 6.5 (MEDIUM)
CVE-2015-5434
HPE Networking Products VRF Hopping Privilege Escalation
Description

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

INFO

Published Date: Jan. 5, 2016, 11:59 a.m.
Last Modified: Nov. 28, 2016, 7:33 p.m.
Remotely Exploitable: Yes
Impact Score: 2.5
Exploitability Score: 3.9
Affected Products

The following products are affected by the CVE-2015-5434 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not shown in the table below.

ID Vendor Product
1 Hp jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd
2 Hp jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taa
3 Hp jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fg
4 Hp jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taa
5 Hp jg798a_hp_flexfabric_12508e_fabric
6 Hp jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluation
7 Hp jh192a_hp_10500_48-port_gig-t_\(rj45\)_se
8 Hp jh196a_hp_10500_2-port_100gbe_cfp_ec
9 Hp jc072b_hp_12500_main_processing_unit
10 Hp jc085a_hp_a12518_switch_chassis
11 Hp jc086a_hp_a12508_switch_chassis
12 Hp jc124a_hp_a9508_switch_chassis
13 Hp jc124b_hp_9505_switch_chassis
14 Hp jc125a_hp_a9512_switch_chassis
15 Hp jc125b_hp_9512_switch_chassis
16 Hp jc474a_hp_a9508-v_switch_chassis
17 Hp jc474b_hp_9508-v_switch_chassis
18 Hp jc611a_hp_10508-v_switch_chassis
19 Hp jc612a_hp_10508_switch_chassis
20 Hp jc613a_hp_10504_switch_chassis
21 Hp jc652a_hp_12508_dc_switch_chassis
22 Hp jc653a_hp_12518_dc_switch_chassis
23 Hp jc654a_hp_12504_ac_switch_chassis
24 Hp jc655a_hp_12504_dc_switch_chassis
25 Hp jc748a_hp_10512_switch_chassis
26 Hp jc808a_hp_12500_taa_main_processing_unit
27 Hp jf430a_hp_a12518_switch_chassis
28 Hp jf430b_hp_12518_switch_chassis
29 Hp jf430c_hp_12518_ac_switch_chassis
30 Hp jf431a_hp_a12508_switch_chassis
31 Hp jf431b_hp_12508_switch_chassis
32 Hp jf431c_hp_12508_ac_switch_chassis
33 Hp jg296a_hp_5920af-24xg_switch
34 Hp jg353a_hp_hsr6602-g_router
35 Hp jg354a_hp_hsr6602-xg_router
36 Hp jg361a_hp_hsr6802_router_chassis
37 Hp jg361b_hp_hsr6802_router_chassis
38 Hp jg362a_hp_hsr6804_router_chassis
39 Hp jg362b_hp_hsr6804_router_chassis
40 Hp jg363a_hp_hsr6808_router_chassis
41 Hp jg363b_hp_hsr6808_router_chassis
42 Hp jg364a_hp_hsr6800_rse-x2_router_main_processing_unit
43 Hp jg402a_hp_msr4080_router_chassis
44 Hp jg403a_hp_msr4060_router_chassis
45 Hp jg404a_hp_msr3064_router
46 Hp jg405a_hp_msr3044_router
47 Hp jg406a_hp_msr3024_ac_router
48 Hp jg407a_hp_msr3024_dc_router
49 Hp jg408a_hp_msr3024_poe_router
50 Hp jg409a_hp_msr3012_ac_router
51 Hp jg410a_hp_msr3012_dc_router
52 Hp jg411a_hp_msr2003_ac_router
53 Hp jg412a_hp_msr4000_mpu-100_main_processing_unit
54 Hp jg555a_hp_5920af-24xg_taa_switch
55 Hp jg734a_hp_msr2004-24_ac_router
56 Hp jg735a\)_hp_msr2004-48_router
57 Hp jg776a_hp_hsr6602-g_taa-compliant_router
58 Hp jg777a_hp_hsr6602-xg_taa-compliant_router
59 Hp jg779a_hp_hsr6800_rse-x2_router_taa-compliant_main_processing_unit
60 Hp jg782a_hp_ff_12508e_ac_switch_chassis
61 Hp jg783a_hp_ff_12508e_dc_switch_chassis
62 Hp jg784a_hp_ff_12518e_ac_switch_chassis
63 Hp jg785a_hp_ff_12518e_dc_switch_chassis
64 Hp jg802a_hp_ff_12500e_mpu
65 Hp jg803a_hp_flexfabric_12500e_taa-compliant_main_processing_unit
66 Hp jg811aae_hp_vsr1001_comware_7_virtual_services_router
67 Hp jg812aae_hp_vsr1004_comware_7_virtual_services_router
68 Hp jg813aae_hp_vsr1008_comware_7_virtual_services_router
69 Hp jg820a_hp_10504_taa_switch_chassis
70 Hp jg821a_hp_10508_taa_switch_chassis
71 Hp jg822a_hp_10508-v_taa_switch_chassis
72 Hp jg823a_hp_10512_taa_switch_chassis
73 Hp jg834a_hp_flexfabric_12508e_ac_switch_taa-compliant_chassis
74 Hp jg835a_hp_flexfabric_12508e_dc_switch_taa-compliant_chassis
75 Hp jg836a_hp_flexfabric_12518e_ac_switch_taa-compliant_chassis
76 Hp jg837a_hp_flexfabric_12518e_dc_switch_taa-compliant_chassis
77 Hp jg861a_hp_msr3024_taa-compliant_ac_router
78 Hp jg866a_hp_msr2003_taa-compliant_ac_router
79 Hp jg869a_hp_msr4000_taa-compliant_mpu-100_main_processing_unit
80 Hp jg875a_hp_msr1002-4_ac_router
81 Hp jh060a_hp_msr1003-8s_ac_router
82 Hp jh075a\)_hp_hsr6800_rse-x3_router_main_processing_unit
83 Hp jh179a_hp_flexfabric_5930_4-slot_switch
84 Hp jh188a_hp_flexfabric_5930_4-slot_taa-compliant_switch
85 Hp jg496a_hp_10500_type_a_mpu_with_comware
86 Hp jg497a_hp_12500_mpu_w\/comware
87 Hp jh198a_hp_10500_type_d_main_processing_unit_with_comware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2015-5434.

URL Resource
http://www.securityfocus.com/bid/79869
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492 Patch Vendor Advisory

The following table lists the changes that have been made to the CVE-2015-5434 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 28, 2016

    Action Type Old Value New Value
    Added Reference http://www.securityfocus.com/bid/79869 [No Types Assigned]
  • Modified Analysis by [email protected]

    Aug. 23, 2016

    Action Type Old Value New Value
    Changed Reference Type
      Old Value: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492 Vendor Advisory
      New Value: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492 Vendor Advisory, Patch
  • CVE Translated by [email protected]

    Jun. 04, 2016

    Action Type Old Value New Value
    Added Translation HPE Networking Products, marcados originalmente como Comware 5, Comware 7, H3C o HP
  • CVE Translated by [email protected]

    Jun. 04, 2016

    Action Type Old Value New Value
    Removed Translation Dispositivos HP H3C Comware 5 y 7 permite a atacantes remotos eludir las restricciones destinadas al acceso o provocar una denegación de servicio a través de "Virtual routing and forwarding (VRF) hopping."
    Added Translation HPE Networking Products, marcados originalmente como Comware 5, Comware 7, H3C o HP, permiten a atacantes remotos eludir las restricciones destinadas al acceso o provocar una denegación de servicio a través de "Virtual routing and forwarding (VRF) hopping."
  • CVE Modified by [email protected]

    Jun. 04, 2016

    Action Type Old Value New Value
    Changed Description
      Old Value: HP H3C Comware 5 and 7 devices allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
      New Value: HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
  • Modified Analysis by [email protected]

    Jan. 08, 2016

    Action Type Old Value New Value
    Added CPE Configuration
    Added CVSS V2 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    Added CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
    Changed Reference Type
      Old Value: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492 No Types Assigned
      New Value: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492 Advisory
    Added CWE CWE-264
  • Initial Analysis by [email protected]

    Jan. 08, 2016

    Action Type Old Value New Value
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2015-5434 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.32 (0.00%)
Percentile: 0.65763
