CVE-2018-5261

low-risk
Published 2018-02-02

An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Flexense

References (2)

Exploit https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261
Exploit https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261
29
/ 100
low-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal