fkie_cve-2015-6551
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D99C75EB-3507-4704-A565-AB2CF5369A74", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EC406C50-6C2B-4160-890F-29DC444DC886", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "778FBECC-2C4C-45D5-A1E8-6678C541AA02", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "46E3145F-197D-4860-AF50-8970CC803BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A17E4E50-9D65-460F-8BE1-27A174A6254A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A5A861A3-FF48-47AD-BDE0-323E12CB7819", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7EC7B2BA-DC01-4611-921B-C8C94651F142", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*", matchCriteriaId: "B7002266-E3B0-4A96-BE09-741A30E74B40", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "04D8275D-EE04-4BF7-9482-AE75A2E21F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5C24158D-E922-4B07-8F67-58DD714346E5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "658F2C00-3B49-4011-9F83-62ED504F7476", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*", matchCriteriaId: "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A48563EA-D19E-4B62-8AE9-BE15D5EB8932", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E294AFF-E630-4A50-B3DE-E16AF3E595E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B9465004-79E0-46B0-B66A-48F3665ADA8E", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "EE8A0C61-6B44-4344-AFC9-834B5B653B58", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1F92467E-E91F-464F-B8C0-8724E4DB83CB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*", matchCriteriaId: "ACD568CB-7839-4DD4-AA6C-E3F14D54477B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4356423A-17CF-4013-977B-F151BB5CC206", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EF9E0A06-0022-43B1-9DFD-025D4FB13055", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "40301990-E272-40C0-90B7-FCDA3B4B5CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "9163537F-6657-4758-A980-6CCC8283F51B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FAD0859E-A3D1-416B-B841-EB052CAF6CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "54A5CAC2-5DD8-4FAE-B661-32A0017A557A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D741998D-20C0-4627-BF23-023D6C341746", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "01F5DFE7-64AF-4228-A30A-340B7BAA86EE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6D479700-9A02-466B-A2CD-107F6EAF4AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E185B358-0805-4241-9960-23216974BEFD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5B672A9C-7549-4120-A966-D24090575506", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "E464653E-CFE4-4F9E-A021-DB16D9CE6046", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.", }, { lang: "es", value: "Veritas NetBackup 7.x hasta la versión 7.5.0.7 y 7.6.0.x hasta la versión 7.6.0.4 y NetBackup Appliance hasta la versión 2.5.4 y 2.6.0.x hasta la versión 2.6.0.4 no utilizan TLS para el tráfico de la consola de administración al servidor NBU, lo que permite a atacantes remotos obtener información sensible husmeando la red en busca de paquetes de intercambio de clave.", }, ], id: "CVE-2015-6551", lastModified: "2024-11-21T02:35:12.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-07T14:59:01.197", references: [ { source: "secure@symantec.com", url: "http://www.securitytracker.com/id/1035704", }, { source: "secure@symantec.com", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, ], sourceIdentifier: "secure@symantec.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.