Vulnerability BDU:2018-01037 - Russian Vulnerability Scanner Database

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.5high3.x

0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x

7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0

7.8

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Description

Уязвимость средства криптографической защиты OpenSSH связана с различной реакцией сервера на запросы аутентификации при наличии и отсутствии соответствующих учетных записей. Эксплуатация уязвимости может позволить нарушителю выявить существующие записи пользователей путем отправки специально сформированных запросов аутентификации

Sources

bdu

Related Vulnerabilities

CVE-2018-15473

Exploits

Exploit ID: 45210

Source: exploitdb

URL: https://www.exploit-db.com/exploits/45210

Exploit ID: 45233

Source: exploitdb

URL: https://www.exploit-db.com/exploits/45233

Exploit ID: 45939

Source: exploitdb

URL: https://www.exploit-db.com/exploits/45939

Exploit ID: CVE-2018-15473

Source: github-poc

URL: https://github.com/kaktus5454/CVE-2018-15473

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15473

https://www.securitylab.ru/news/495248.php

http://www.exploit-db.com/exploits/45210/

https://www.exploit-db.com/exploits/45233

https://www.exploit-db.com/exploits/45939

https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/

https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf

http://www.openwall.com/lists/oss-security/2018/08/15/5

http://www.securityfocus.com/bid/105140

http://www.securitytracker.com/id/1041487

https://bugs.debian.org/906236

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011

https://security.gentoo.org/glsa/201810-03

https://security.netapp.com/advisory/ntap-20181101-0001

https://usn.ubuntu.com/3809-1

https://www.debian.org/security/2018/dsa-4280

https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483

https://www.oracle.com/security-alerts/cpujan2020.html

Recommendations

Source: bdu

Для openssh:
Обновление программного обеспечения до 1:6.7p1-5+deb8u8 или более поздней версии

Для Astra Linux:
Обновление программного обеспечения (пакета openssh) до 1:6.7p1-5+deb8u8 или более поздней версии

Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujan2020.html

Для Debian:
Обновление программного обеспечения (пакета openssh) до 1:6.7p1-5+deb8u8 или более поздней версии

Компенсирующие меры для SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP:
Следовать рекомендациям производителя:
https://www.siemens.com/cert/operational-guidelines-industrial-security
Использование приложений только из надежных источников

URL: https://bdu.fstec.ru/vul/2018-01037

Vulnerable Software (9)

Type: Configuration

Vendor: openbsd project

Product: openssh

Operating System: astra 1.5

Trait:

{  "version_end_excluding": "7.7",  "version_start_including": "2.3"}

Source: bdu

Type: Configuration

Vendor: openbsd project

Product: openssh

Operating System: debian gnu/linux 9

Trait:

{  "version_end_excluding": "7.7",  "version_start_including": "2.3"}

Source: bdu

Type: Configuration

Vendor: openbsd project

Product: openssh

Operating System: debian gnu/linux 8

Trait:

{  "version_end_excluding": "7.7",  "version_start_including": "2.3"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: sun zfs storage appliance kit

Operating System: astra 1.5

Trait:

{  "version_exact": "8.8.6"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: sun zfs storage appliance kit

Operating System: debian gnu/linux 9

Trait:

{  "version_exact": "8.8.6"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: sun zfs storage appliance kit

Operating System: debian gnu/linux 8

Trait:

{  "version_exact": "8.8.6"}

Source: bdu

Type: Configuration

Vendor: siemens ag

Product: simatic s7-1500 cpu 1518(f)-4 pn/dp mfp

Operating System: astra 1.5

Trait:

{  "version_exact": "V2.6.0"}

Source: bdu

Type: Configuration

Vendor: siemens ag

Product: simatic s7-1500 cpu 1518(f)-4 pn/dp mfp

Operating System: debian gnu/linux 9

Trait:

{  "version_exact": "V2.6.0"}

Source: bdu

Type: Configuration

Vendor: siemens ag

Product: simatic s7-1500 cpu 1518(f)-4 pn/dp mfp

Operating System: debian gnu/linux 8

Trait:

{  "version_exact": "V2.6.0"}

Source: bdu

End of list

Russian Vulnerability Scanner Database

BDU:2018-01037

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Exploits

Reference Links

Recommendations

Vulnerable Software (9)