CVE-2015-5997

{"id": "CVE-2015-5997", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-14T14:59:00.103", "references": [{"url": "http://www.kb.cert.org/vuls/id/549807", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/549807", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data."}, {"lang": "es", "value": "Vulnerabilidad en Impero Education Pro en versiones anteriores a 5105, utiliza una clave CBC embebida y un vector de inicializaci\u00f3n derivados de un hash de la cadena Imp3ro, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener datos en texto plano rastreando la red en busca de datos de texto cifrado."}], "lastModified": "2024-11-21T02:34:16.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:impero:impero_education_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ED43696-8A00-4B8E-A596-00F20AEEECAA", "versionEndIncluding": "5008"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/329.html\">CWE-329: Not Using a Random IV with CBC Mode</a>", "sourceIdentifier": "cret@cert.org"}