CVE-2018-1129
Severity
6.5MEDIUM
EPSS
0.3%
top 44.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 10
Latest updateMay 14
Description
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
CVSS vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages11 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-7qc9-w55v-w7p3: A flaw was found in the way signature calculation was handled by cephx authentication protocol↗2022-05-14
CVEList▶
CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol↗2018-07-10
OSV▶
CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol↗2018-07-10
📋Vendor Advisories
3Microsoft▶
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to b↗2018-07-10
Debian▶
CVE-2018-1129: ceph - A flaw was found in the way signature calculation was handled by cephx authentic...↗2018