CVE-2017-15906 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
openbsd	openssh	𝑥 < 7.6
oracle	sun_zfs_storage_appliance_kit	8.8.6
debian	debian_linux	8.0
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	clustered_data_ontap	-
netapp	data_ontap_edge	-
netapp	hci_management_node	-
netapp	oncommand_unified_manager_core_package	-
netapp	solidfire	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storage_replication_adapter_for_clustered_data_ontap	9.7 ≤
netapp	storage_replication_adapter_for_clustered_data_ontap	9.6
netapp	vasa_provider_for_clustered_data_ontap	6.0 ≤ 𝑥 ≤ 6.2
netapp	vasa_provider_for_clustered_data_ontap	9.7 ≤
netapp	virtual_storage_console	9.7 ≤
netapp	virtual_storage_console	9.6
netapp	cn1610_firmware	-
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.6
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssh

bullseye (security)	1:8.4p1-5+deb11u3 fixed
bullseye	1:8.4p1-5+deb11u3 fixed
wheezy	no-dsa
bookworm	1:9.2p1-2+deb12u3 fixed
bookworm (security)	1:9.2p1-2+deb12u3 fixed
sid	1:9.9p1-3 fixed
trixie	1:9.9p1-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssh

hirsute	Fixed 1:7.6p1-4 released
groovy	Fixed 1:7.6p1-4 released
focal	Fixed 1:7.6p1-4 released
eoan	Fixed 1:7.6p1-4 released
disco	Fixed 1:7.6p1-4 released
cosmic	Fixed 1:7.6p1-4 released
bionic	Fixed 1:7.6p1-4 released
artful	Fixed 1:7.5p1-10ubuntu0.1 released
zesty	ignored
xenial	Fixed 1:7.2p2-4ubuntu2.4 released
trusty	Fixed 1:6.6p1-2ubuntu2.10 released

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

http://www.securityfocus.com/bid/101552

https://access.redhat.com/errata/RHSA-2018:0980

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19

https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

https://security.gentoo.org/glsa/201801-05

https://security.netapp.com/advisory/ntap-20180423-0004/

https://www.openssh.com/txt/release-7.6

https://www.oracle.com/security-alerts/cpujan2020.html

http://www.securityfocus.com/bid/101552

https://access.redhat.com/errata/RHSA-2018:0980

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19

https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

https://security.gentoo.org/glsa/201801-05

https://security.netapp.com/advisory/ntap-20180423-0004/

https://www.openssh.com/txt/release-7.6

https://www.oracle.com/security-alerts/cpujan2020.html