{"vuid":"VU#350508","idnumber":"350508","name":"HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password","keywords":["HP ArcSight SmartConnector","Local","Privilege escalation","MITM","SSL"],"overview":"The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password.","clean_desc":"CWE-295: Improper Certificate Validation - CVE-2015-2902: The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is reporting logs to. An eavesdropper can perform a man-in-the-middle attack against log traffic. CWE-259: Use of Hard-coded Password - CVE-2015-2903: Use of a default password (and no mechanism for changing it) in the CWSAPI SOAP service provided by ArcSight allows an attacker to gain administrator credentials.","impact":"A remote attacker may be able to utilize a man-in-the-middle attack to read SSL-encrypted log traffic. A remote attacker may use the hard-coded password to gain root access to the device.","resolution":"Apply an update: HP has released ArcSight SmartConnector 7.1.6, which addresses these issues. 
Affected users should update to version 7.1.6 or later as soon as possible.","workarounds":"","sysaffected":"","thanks":"Thanks to Jefferson Ogata for reporting this vulnerability to us.","author":"This document was written by Garret Wassermann.","public":["https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04850932","http://cwe.mitre.org/data/definitions/259.html","http://cwe.mitre.org/data/definitions/295.html"],"cveids":["CVE-2015-2902","CVE-2015-2903"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-06-25T12:47:02Z","publicdate":"2015-10-19T00:00:00Z","datefirstpublished":"2015-10-27T20:51:55Z","dateupdated":"2015-11-03T21:18:35Z","revision":57,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.1","cvss_basevector":"AV:A/AC:L/Au:S/C:C/I:C/A:N","cvss_temporalscore":"6.1","cvss_environmentalscore":"4.584053100312","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}