CVE-2018-16737

CWE-287Improper Authentication8 documents6 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 40.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tinc-vpn TincStarwindsoftware Starwind Virtual SAN
Timeline
PublishedOct 10
Latest updateMay 14

Description

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDtinc-vpn/tinc< 1.0.30
Debiantinc< 1.0.31-1+3

🔴Vulnerability Details

3
GHSA
GHSA-86wc-mxwc-62wr: tinc before 12022-05-14
OSV
CVE-2018-16737: tinc before 12018-10-10
CVEList
CVE-2018-16737: tinc before 12018-10-10

📋Vendor Advisories

1
Debian
CVE-2018-16737: tinc - tinc before 1.0.30 has a broken authentication protocol, without even a partial ...2018

💬Community

3
Bugzilla
CVE-2018-16737 CVE-2018-16738 CVE-2018-16758 tinc: Multiple issues fixed in the 1.0.35 release2018-10-09
Bugzilla
CVE-2018-16737 CVE-2018-16738 CVE-2018-16758 tinc: Multiple issues fixed in the 1.0.35 release [fedora-all]2018-10-09
Bugzilla
CVE-2018-16737 CVE-2018-16738 CVE-2018-16758 tinc: Multiple issues fixed in the 1.0.35 release [epel-all]2018-10-09
CVE-2018-16737 (MEDIUM CVSS 5.3) | tinc before 1.0.30 has a broken aut | cvebase.io