Vulnerability CVE-2015-7713

Vulnerability Name:

CVE-2015-7713 (CCN-106973)

Assigned:

2015-10-07

Published:

2015-10-07

Updated:

2023-02-13

Summary:

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-7713

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2016-0013
Moderate: openstack-nova security and bug fix advisory

Source: CCN
Type: RHSA-2016-0017
Important: openstack-nova security advisory

Source: CCN
Type: oss-sec Mailing List, Mon, 5 Oct 2015 18:20:39 +0000
CVE request for vulnerability in OpenStack Nova

Source: CCN
Type: oss-sec Mailing List, Tue, 6 Oct 2015 01:41:51 -0400 (EDT)
Re: CVE request for vulnerability in OpenStack Nova

Source: CCN
Type: oss-sec Mailing List, Wed, 7 Oct 2015 18:33:38 +0000
[OSSA 2015-021] Nova network security group changes are not applied to running instances (CVE-2015-7713)

Source: CCN
Type: IBM Security Bulletin T1023399 (SmartCloud Entry)
OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7713, CVE-2015-5286)

Source: CCN
Type: IBM Security Bulletin T1023401 (Cloud Manager with Openstack)
OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7713, CVE-2015-5286)

Source: CCN
Type: BID-76960
OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: OSSA 2015-021
secgroup rules doesn't work for instance immediately (CVE-2015-7713)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
openstack-nova-cve20157713-weak-security(106973)

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-7713

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:openstack:nova:2014.2.3:*:*:*:*:*:*:*

OR cpe:/a:openstack:nova:2015.1.1:*:*:*:*:*:*:*

OR cpe:/a:openstack:nova:2015.1.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:smartcloud_entry:3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_manager:4.1.0:*:*:*:*:openstack:*:*

OR cpe:/a:ibm:cloud_manager:4.2.0:*:*:*:*:openstack:*:*

OR cpe:/a:ibm:cloud_manager:4.3.0:*:*:*:*:openstack:*:*

OR cpe:/a:redhat:openstack:5.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:openstack:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20157713	V	CVE-2015-7713	2021-07-10
oval:org.opensuse.security:def:25580	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:24940	P	Security update for gnome-shell (Moderate)	2020-12-01
oval:org.opensuse.security:def:26311	P	Security update for openstack-nova and openstack-neutron (Moderate)	2020-12-01
oval:org.opensuse.security:def:25289	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:25594	P	Security update for targetcli-fb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25067	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:25439	P	Security update for libpcap (Important)	2020-12-01
oval:org.opensuse.security:def:24865	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)	2020-12-01
oval:org.opensuse.security:def:25638	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25148	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:25492	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:24876	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:26276	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25205	P	Security update for ceph (Important)	2020-12-01
oval:com.ubuntu.precise:def:20157713000	V	CVE-2015-7713 on Ubuntu 12.04 LTS (precise) - medium.	2015-10-29
oval:com.ubuntu.xenial:def:201577130000000	V	CVE-2015-7713 on Ubuntu 16.04 LTS (xenial) - medium.	2015-10-29
oval:com.ubuntu.trusty:def:20157713000	V	CVE-2015-7713 on Ubuntu 14.04 LTS (trusty) - medium.	2015-10-29
oval:com.ubuntu.xenial:def:20157713000	V	CVE-2015-7713 on Ubuntu 16.04 LTS (xenial) - medium.	2015-10-29

BACK