CVE-2018-1129
moderate-risk
Published 2018-07-10
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Do I need to act?
-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
ADJACENT_NETWORK
/ LOW complexity
Affected Products (20)
Ceph Storage Mon
Ceph Storage Mon
Ceph Storage Osd
Ceph Storage Osd
Ceph
Ceph
Ceph
Ceph
Ceph
Ceph
Ceph
Ceph
Ceph
Ceph
References (22)
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
Issue Tracking
http://tracker.ceph.com/issues/24837
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2177
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2179
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2261
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2274
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
Third Party Advisory
https://www.debian.org/security/2018/dsa-4339
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
Issue Tracking
http://tracker.ceph.com/issues/24837
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2177
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2179
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2261
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2274
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
and 2 more references
45
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
23/34 · High