CVE-2017-5796

Published Feb 15, 2018

Last updated 7 years ago

CVSS high 8.8

Overview

Description: A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.
Source: security-alert@hpe.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:j9627a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE6143EC-B848-4C54-B250-4A20825C2FCD",
            "versionEndExcluding": "ra.15.15.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hp:j9627a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2066788A-4B15-4A67-89F1-BC64D6EC4037"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:j9626a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F49C72ED-C9DD-4C55-85BB-980A30138135",
            "versionEndExcluding": "ra.15.15.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hp:j9626a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A56D2F70-A9D5-4D0E-BA09-2B23C746BD97"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:j9625a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C8918AB-BD8E-4215-8A00-7469B1E21DCD",
            "versionEndExcluding": "ra.15.15.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hp:j9625a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "679263E7-7C3A-4E4C-881B-693121036F6B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:j9624a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC9FD7B8-B0D5-4C23-ABC0-686EF6692B50",
            "versionEndExcluding": "ra.15.15.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hp:j9624a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B657883E-E1BE-4040-BB2A-397675302F1C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:j9623a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFDA9F42-B804-4E1A-8918-B33A1458561A",
            "versionEndExcluding": "ra.15.15.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hp:j9623a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FCBA2FBA-01DD-44C9-A7D2-554F425F4CC8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References