CVE-2015-2471 MSXML Vulnerability in StarWind Products
Title: CVE-2015-2471 MSXML Vulnerability in StarWind Products
Note: StarWind will continue to update information regarding this vulnerability as new details become available.
Vulnerability ID: SW-20151106-0001
Version: 1.0
Date: 2015-11-06
Status: Final
CVEs: CVE-2015-2471
- Overview
- Affected Products
- Remediation
- Revision History
Summary
StarWind VSAN product incorporates MSXML service. Service version prior to 6.0 sp3 is supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka “MSXML Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-2434
Impact
Successful defeat of cryptographic protection mechanisms by sniffing the network and conducting a decryption attack
Vulnerability Scoring
| CVE | CVSS 2.0 Score | CVSS 3.x Score |
|---|---|---|
| CVE-2015-2471 | 4.3 (MEDIUM) | N/A |
Vector
CVSS:2.0 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
| Resource | Hyperlink |
|---|---|
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2015-2471 |
Affected Products:
StarWind HCA and software installations with the following builds:
StarWind VSAN v8 build 8198
StarWind VSAN v8 build 7929
StarWind VSAN v8 build 7774
StarWind VSAN v8 build 7509
StarWind VSAN v8 build 7471
StarWind VSAN v8 build 7354
StarWind VSAN v8 build 7145
StarWind VSAN v8 build 6884
StarWind VTL component
StarWind Tape Redirector component
StarWind V2V
Not affected products:
N/A
Software Versions and Fixes
Fixed in StarWind VSAN v8 build 8716
Workaround
Update to StarWind VSAN build 8716 or higher
Obtaining Software Fixes
Software updates will be available in StarWind release notes – https://www.starwindsoftware.com/release-notes-build. To update the software, perform the steps described at the following link – https://knowledgebase.starwindsoftware.com/guidance/upgrading-from-any-starwind-version-to-any-starwind-version/ or contact support to perform an update. You can submit a support request using the following link https://www.starwindsoftware.com/support-form or contact Support directly via email support@starwind.com or via phone +1 617 829 4499.
Status of Notice
Final
StarWind will continue to update information regarding this vulnerability as new details become available.
This vulnerability article should be considered as the single source of current, up-to-date, authorized and accurate information posted by StarWind Software.
Revision History
| Revision # | Date | Comments |
|---|---|---|
| 1.0 | 2015-11-06 | Initial Public Release and Final Status |