ID

VAR-201703-0354


CVE

CVE-2015-4624


TITLE

Hak5 WiFi Pineapple access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007448

DESCRIPTION

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. Hak5 WiFi Pineapple contains an access control vulnerability. An attacker may be able to obtain information, alter information, or disrupt service operation (DoS). Hak5 WiFi Pineapple is an open-source security testing device based on a wireless security auditing platform from Hak5 Company in the United States. An attacker could exploit this vulnerability to inject commands.

Trust: 1.71

sources: NVD: CVE-2015-4624 // JVNDB: JVNDB-2015-007448 // VULHUB: VHN-82585

AFFECTED PRODUCTS

vendor:hak5 // model:wi-fi pineapple // scope:eq // version:2.1

Trust: 1.6

vendor:hak5 // model:wi-fi pineapple // scope:eq // version:2.2

Trust: 1.6

vendor:hak5 // model:wi-fi pineapple // scope:eq // version:2.0

Trust: 1.6

vendor:hak5 // model:wi-fi pineapple // scope:eq // version:2.3

Trust: 1.6

vendor:hak5 // model:wifi pineapple // scope:eq // version:2.0 to 2.3

Trust: 0.8

sources: JVNDB: JVNDB-2015-007448 // CNNVD: CNNVD-201611-043 // NVD: CVE-2015-4624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4624
value: HIGH

Trust: 1.0

NVD: CVE-2015-4624
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201611-043
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82585
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4624
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.2
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82585
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.2
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-4624
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-82585 // JVNDB: JVNDB-2015-007448 // CNNVD: CNNVD-201611-043 // NVD: CVE-2015-4624

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-82585 // JVNDB: JVNDB-2015-007448 // NVD: CVE-2015-4624

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201611-043

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201611-043

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007448

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-82585

PATCH

title:Top Page // url:https://www.hak5.org/

Trust: 0.8

title:Hak5 WiFi Pineapple Security vulnerabilities // url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65454

Trust: 0.6

title:Hak5 WiFi Pineapple Security vulnerabilities // url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65305

Trust: 0.6

sources: JVNDB: JVNDB-2015-007448 // CNNVD: CNNVD-201611-043

EXTERNAL IDS

db:PACKETSTORM // id:133052

Trust: 2.5

db:NVD // id:CVE-2015-4624

Trust: 2.5

db:EXPLOIT-DB // id:40609

Trust: 1.7

db:PACKETSTORM // id:139212

Trust: 1.7

db:JVNDB // id:JVNDB-2015-007448

Trust: 0.8

db:CNNVD // id:CNNVD-201611-043

Trust: 0.7

db:VULHUB // id:VHN-82585

Trust: 0.1

sources: VULHUB: VHN-82585 // JVNDB: JVNDB-2015-007448 // CNNVD: CNNVD-201611-043 // NVD: CVE-2015-4624

REFERENCES

url:http://packetstormsecurity.com/files/133052/wifi-pineapple-predictable-csrf-token.html

Trust: 2.5

url:https://www.exploit-db.com/exploits/40609/

Trust: 1.7

url:http://packetstormsecurity.com/files/139212/hak5-wifi-pineapple-preconfiguration-command-injection-2.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/536184/100/500/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4624

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-4624

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/536184/100/500/threaded

Trust: 0.6

sources: VULHUB: VHN-82585 // JVNDB: JVNDB-2015-007448 // CNNVD: CNNVD-201611-043 // NVD: CVE-2015-4624

SOURCES

db:VULHUB // id:VHN-82585
db:JVNDB // id:JVNDB-2015-007448
db:CNNVD // id:CNNVD-201611-043
db:NVD // id:CVE-2015-4624

LAST UPDATE DATE

2024-11-23T22:49:08.144000+00:00


SOURCES UPDATE DATE

db:VULHUB // id:VHN-82585 // date:2018-10-09T00:00:00
db:JVNDB // id:JVNDB-2015-007448 // date:2017-04-28T00:00:00
db:CNNVD // id:CNNVD-201611-043 // date:2017-04-01T00:00:00
db:NVD // id:CVE-2015-4624 // date:2024-11-21T02:31:25.340

SOURCES RELEASE DATE

db:VULHUB // id:VHN-82585 // date:2017-03-31T00:00:00
db:JVNDB // id:JVNDB-2015-007448 // date:2017-04-28T00:00:00
db:CNNVD // id:CNNVD-201611-043 // date:2016-10-19T00:00:00
db:NVD // id:CVE-2015-4624 // date:2017-03-31T16:59:00.443