製品・ソフトウェアに関する情報

JVN脆弱性詳細

HP H3C Comware 5 および Comware 7 デバイスにおけるアクセス制限を回避される脆弱性

タイトル	HP H3C Comware 5 および Comware 7 デバイスにおけるアクセス制限を回避される脆弱性
概要	HP H3C Comware 5 および Comware 7 デバイスには、アクセス制限を回避される、またはサービス運用妨害 (DoS) 状態にされる脆弱性が存在します。
想定される影響	第三者により、"Virtual routing and forwarding (VRF) hopping" を介して、アクセス制限を回避される、またはサービス運用妨害 (DoS) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2015年12月18日0:00
登録日	2016年1月12日16:51
最終更新日	2016年1月12日16:51

CVSS2.0 : 警告
スコア	6.4
ベクター	AV:N/AC:L/Au:N/C:N/I:P/A:P

影響を受けるシステム

ヒューレット・パッカード

H3C Router

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-5434	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5434
2	CVE-2015-5434	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5434
National Vulnerability Database (NVD)
3	CVE-2015-5434	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5434
4	CVE-2015-5434	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5434

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html
2	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	名前	URL
HP Security Bulletin
1	HPSBHF03419	https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779492
2	HPSBHF03419	https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779492

変更履歴

No	変更内容	変更日
0	[2016年01月12日] 掲載	2018年2月17日10:37
0	[2016年01月12日] 掲載	2018年2月17日10:37

NVD脆弱性情報

CVE-2015-5434

概要	HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
公表日	2016年1月5日20:59
登録日	2021年1月26日14:52
最終更新日	2024年11月21日11:33

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:h:hp:jc653a_hp_12518_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jh179a_hp_flexfabric_5930_4-slot_switch:-:::::::*
cpe:2.3:h:hp:jg362b_hp_hsr6804_router_chassis:-:::::::*
cpe:2.3:h:hp:jg834a_hp_flexfabric_12508e_ac_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg802a_hp_ff_12500e_mpu:-:::::::*
cpe:2.3:h:hp:jg409a_hp_msr3012_ac_router:-:::::::*
cpe:2.3:h:hp:jc655a_hp_12504_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc612a_hp_10508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jh060a_hp_msr1003-8s_ac_router:-:::::::*
cpe:2.3:h:hp:jg836a_hp_flexfabric_12518e_ac_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg410a_hp_msr3012_dc_router:-:::::::*
cpe:2.3:a:hp:jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taa:-:::::::*
cpe:2.3:h:hp:jg782a_hp_ff_12508e_ac_switch_chassis:-:::::::*
cpe:2.3:o:hp:jg497a_hp_12500_mpu_w\/comware:7.0:::::::*
cpe:2.3:h:hp:jc125b_hp_9512_switch_chassis:-:::::::*
cpe:2.3:a:hp:jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fg:-:::::::*
cpe:2.3:h:hp:jc652a_hp_12508_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jf431c_hp_12508_ac_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg821a_hp_10508_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc613a_hp_10504_switch_chassis:-:::::::*
cpe:2.3:o:hp:jh198a_hp_10500_type_d_main_processing_unit_with_comware:7.0:::::::*
cpe:2.3:h:hp:jf430b_hp_12518_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg403a_hp_msr4060_router_chassis:-:::::::*
cpe:2.3:a:hp:jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluation:-:::::::*
cpe:2.3:h:hp:jg412a_hp_msr4000_mpu-100_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg361a_hp_hsr6802_router_chassis:-:::::::*
cpe:2.3:h:hp:jg734a_hp_msr2004-24_ac_router:-:::::::*
cpe:2.3:h:hp:jg354a_hp_hsr6602-xg_router:-:::::::*
cpe:2.3:h:hp:jg869a_hp_msr4000_taa-compliant_mpu-100_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jf430c_hp_12518_ac_switch_chassis:-:::::::*
cpe:2.3:a:hp:jh192a_hp_10500_48-port_gig-t_\(rj45\)_se:-:::::::*
cpe:2.3:h:hp:jc474a_hp_a9508-v_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc611a_hp_10508-v_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg408a_hp_msr3024_poe_router:-:::::::*
cpe:2.3:h:hp:jc124b_hp_9505_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg406a_hp_msr3024_ac_router:-:::::::*
cpe:2.3:h:hp:jg866a_hp_msr2003_taa-compliant_ac_router:-:::::::*
cpe:2.3:h:hp:jc125a_hp_a9512_switch_chassis:-:::::::*
cpe:2.3:a:hp:jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd:-:::::::*
cpe:2.3:h:hp:jg777a_hp_hsr6602-xg_taa-compliant_router:-:::::::*
cpe:2.3:h:hp:jg404a_hp_msr3064_router:-:::::::*
cpe:2.3:h:hp:jg779a_hp_hsr6800_rse-x2_router_taa-compliant_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg402a_hp_msr4080_router_chassis:-:::::::*
cpe:2.3:o:hp:jg496a_hp_10500_type_a_mpu_with_comware:7.0:::::::*
cpe:2.3:h:hp:jg411a_hp_msr2003_ac_router:-:::::::*
cpe:2.3:a:hp:jh196a_hp_10500_2-port_100gbe_cfp_ec:-:::::::*
cpe:2.3:h:hp:jg875a_hp_msr1002-4_ac_router:-:::::::*
cpe:2.3:h:hp:jh075a\)_hp_hsr6800_rse-x3_router_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jc748a_hp_10512_switch_chassis:-:::::::*
cpe:2.3:h:hp:jf430a_hp_a12518_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc085a_hp_a12518_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc124a_hp_a9508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc808a_hp_12500_taa_main_processing_unit:-:::::::*
cpe:2.3:a:hp:jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taa:-:::::::*
cpe:2.3:h:hp:jc072b_hp_12500_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg861a_hp_msr3024_taa-compliant_ac_router:-:::::::*
cpe:2.3:a:hp:jg798a_hp_flexfabric_12508e_fabric:-:::::::*
cpe:2.3:h:hp:jg361b_hp_hsr6802_router_chassis:-:::::::*
cpe:2.3:h:hp:jg837a_hp_flexfabric_12518e_dc_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg362a_hp_hsr6804_router_chassis:-:::::::*
cpe:2.3:h:hp:jg784a_hp_ff_12518e_ac_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg813aae_hp_vsr1008_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg811aae_hp_vsr1001_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg555a_hp_5920af-24xg_taa_switch:-:::::::*
cpe:2.3:h:hp:jg783a_hp_ff_12508e_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jh188a_hp_flexfabric_5930_4-slot_taa-compliant_switch:-:::::::*
cpe:2.3:h:hp:jc474b_hp_9508-v_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg353a_hp_hsr6602-g_router:-:::::::*
cpe:2.3:h:hp:jg835a_hp_flexfabric_12508e_dc_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jc654a_hp_12504_ac_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg405a_hp_msr3044_router:-:::::::*
cpe:2.3:h:hp:jg407a_hp_msr3024_dc_router:-:::::::*
cpe:2.3:h:hp:jg776a_hp_hsr6602-g_taa-compliant_router:-:::::::*
cpe:2.3:h:hp:jg364a_hp_hsr6800_rse-x2_router_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jf431b_hp_12508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg803a_hp_flexfabric_12500e_taa-compliant_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg822a_hp_10508-v_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc086a_hp_a12508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg812aae_hp_vsr1004_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg296a_hp_5920af-24xg_switch:-:::::::*
cpe:2.3:h:hp:jg363a_hp_hsr6808_router_chassis:-:::::::*
cpe:2.3:h:hp:jg820a_hp_10504_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg363b_hp_hsr6808_router_chassis:-:::::::*
cpe:2.3:h:hp:jg823a_hp_10512_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg785a_hp_ff_12518e_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jf431a_hp_a12508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg735a\)_hp_msr2004-48_router:-:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:h:hp:jc653a_hp_12518_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jh179a_hp_flexfabric_5930_4-slot_switch:-:::::::*
cpe:2.3:h:hp:jg362b_hp_hsr6804_router_chassis:-:::::::*
cpe:2.3:h:hp:jg834a_hp_flexfabric_12508e_ac_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg802a_hp_ff_12500e_mpu:-:::::::*
cpe:2.3:h:hp:jg409a_hp_msr3012_ac_router:-:::::::*
cpe:2.3:h:hp:jc655a_hp_12504_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc612a_hp_10508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jh060a_hp_msr1003-8s_ac_router:-:::::::*
cpe:2.3:h:hp:jg836a_hp_flexfabric_12518e_ac_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg410a_hp_msr3012_dc_router:-:::::::*
cpe:2.3:a:hp:jg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taa:-:::::::*
cpe:2.3:h:hp:jg782a_hp_ff_12508e_ac_switch_chassis:-:::::::*
cpe:2.3:o:hp:jg497a_hp_12500_mpu_w\/comware:7.0:::::::*
cpe:2.3:h:hp:jc125b_hp_9512_switch_chassis:-:::::::*
cpe:2.3:a:hp:jg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fg:-:::::::*
cpe:2.3:h:hp:jc652a_hp_12508_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jf431c_hp_12508_ac_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg821a_hp_10508_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc613a_hp_10504_switch_chassis:-:::::::*
cpe:2.3:o:hp:jh198a_hp_10500_type_d_main_processing_unit_with_comware:7.0:::::::*
cpe:2.3:h:hp:jf430b_hp_12518_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg403a_hp_msr4060_router_chassis:-:::::::*
cpe:2.3:a:hp:jg810aae_hp_vsr1001_virtual_services_router_60_day_evaluation:-:::::::*
cpe:2.3:h:hp:jg412a_hp_msr4000_mpu-100_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg361a_hp_hsr6802_router_chassis:-:::::::*
cpe:2.3:h:hp:jg734a_hp_msr2004-24_ac_router:-:::::::*
cpe:2.3:h:hp:jg354a_hp_hsr6602-xg_router:-:::::::*
cpe:2.3:h:hp:jg869a_hp_msr4000_taa-compliant_mpu-100_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jf430c_hp_12518_ac_switch_chassis:-:::::::*
cpe:2.3:a:hp:jh192a_hp_10500_48-port_gig-t_\(rj45\)_se:-:::::::*
cpe:2.3:h:hp:jc474a_hp_a9508-v_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc611a_hp_10508-v_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg408a_hp_msr3024_poe_router:-:::::::*
cpe:2.3:h:hp:jc124b_hp_9505_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg406a_hp_msr3024_ac_router:-:::::::*
cpe:2.3:h:hp:jg866a_hp_msr2003_taa-compliant_ac_router:-:::::::*
cpe:2.3:h:hp:jc125a_hp_a9512_switch_chassis:-:::::::*
cpe:2.3:a:hp:jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fd:-:::::::*
cpe:2.3:h:hp:jg777a_hp_hsr6602-xg_taa-compliant_router:-:::::::*
cpe:2.3:h:hp:jg404a_hp_msr3064_router:-:::::::*
cpe:2.3:h:hp:jg779a_hp_hsr6800_rse-x2_router_taa-compliant_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg402a_hp_msr4080_router_chassis:-:::::::*
cpe:2.3:o:hp:jg496a_hp_10500_type_a_mpu_with_comware:7.0:::::::*
cpe:2.3:h:hp:jg411a_hp_msr2003_ac_router:-:::::::*
cpe:2.3:a:hp:jh196a_hp_10500_2-port_100gbe_cfp_ec:-:::::::*
cpe:2.3:h:hp:jg875a_hp_msr1002-4_ac_router:-:::::::*
cpe:2.3:h:hp:jh075a\)_hp_hsr6800_rse-x3_router_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jc748a_hp_10512_switch_chassis:-:::::::*
cpe:2.3:h:hp:jf430a_hp_a12518_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc085a_hp_a12518_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc124a_hp_a9508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc808a_hp_12500_taa_main_processing_unit:-:::::::*
cpe:2.3:a:hp:jg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taa:-:::::::*
cpe:2.3:h:hp:jc072b_hp_12500_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg861a_hp_msr3024_taa-compliant_ac_router:-:::::::*
cpe:2.3:a:hp:jg798a_hp_flexfabric_12508e_fabric:-:::::::*
cpe:2.3:h:hp:jg361b_hp_hsr6802_router_chassis:-:::::::*
cpe:2.3:h:hp:jg837a_hp_flexfabric_12518e_dc_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jg362a_hp_hsr6804_router_chassis:-:::::::*
cpe:2.3:h:hp:jg784a_hp_ff_12518e_ac_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg813aae_hp_vsr1008_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg811aae_hp_vsr1001_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg555a_hp_5920af-24xg_taa_switch:-:::::::*
cpe:2.3:h:hp:jg783a_hp_ff_12508e_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jh188a_hp_flexfabric_5930_4-slot_taa-compliant_switch:-:::::::*
cpe:2.3:h:hp:jc474b_hp_9508-v_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg353a_hp_hsr6602-g_router:-:::::::*
cpe:2.3:h:hp:jg835a_hp_flexfabric_12508e_dc_switch_taa-compliant_chassis:-:::::::*
cpe:2.3:h:hp:jc654a_hp_12504_ac_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg405a_hp_msr3044_router:-:::::::*
cpe:2.3:h:hp:jg407a_hp_msr3024_dc_router:-:::::::*
cpe:2.3:h:hp:jg776a_hp_hsr6602-g_taa-compliant_router:-:::::::*
cpe:2.3:h:hp:jg364a_hp_hsr6800_rse-x2_router_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jf431b_hp_12508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg803a_hp_flexfabric_12500e_taa-compliant_main_processing_unit:-:::::::*
cpe:2.3:h:hp:jg822a_hp_10508-v_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jc086a_hp_a12508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg812aae_hp_vsr1004_comware_7_virtual_services_router:-:::::::*
cpe:2.3:h:hp:jg296a_hp_5920af-24xg_switch:-:::::::*
cpe:2.3:h:hp:jg363a_hp_hsr6808_router_chassis:-:::::::*
cpe:2.3:h:hp:jg820a_hp_10504_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg363b_hp_hsr6808_router_chassis:-:::::::*
cpe:2.3:h:hp:jg823a_hp_10512_taa_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg785a_hp_ff_12518e_dc_switch_chassis:-:::::::*
cpe:2.3:h:hp:jf431a_hp_a12508_switch_chassis:-:::::::*
cpe:2.3:h:hp:jg735a\)_hp_msr2004-48_router:-:::::::*

No	URL	タグ
1	http://www.securityfocus.com/bid/79869
2	http://www.securityfocus.com/bid/79869
3	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492	Patch Vendor Advisory
4	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492	Patch Vendor Advisory