Details of VAR-201811-0036

ID

VAR-201811-0036

CVE

CVE-2018-15768

TITLE

Dell OpenManage Network Manager Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012239

DESCRIPTION

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. Dell OpenManage Network Manager Contains an access control vulnerability.Information may be obtained. Remote attackers can exploit this issue to gain elevated privileges

Trust: 1.98

sources: NVD: CVE-2018-15768 // JVNDB: JVNDB-2018-012239 // BID: 105914 // VULHUB: VHN-126060

AFFECTED PRODUCTS

vendor:	dell	model:	openmanage network manager	scope:	lt	version:	6.5.0	Trust: 1.8
vendor:	dell	model:	openmanage network manager	scope:	eq	version:	6.0	Trust: 0.3
vendor:	dell	model:	openmanage network manager	scope:	ne	version:	6.5	Trust: 0.3

sources: BID: 105914 // JVNDB: JVNDB-2018-012239 // NVD: CVE-2018-15768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15768
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15768
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201811-125
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-126060
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15768
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-126060
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15768
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-126060 // JVNDB: JVNDB-2018-012239 // CNNVD: CNNVD-201811-125 // NVD: CVE-2018-15768

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-126060 // JVNDB: JVNDB-2018-012239 // NVD: CVE-2018-15768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-125

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201811-125

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012239

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-126060

PATCH

title:	Dell OpenManage Network Manager Security Vulnerabilities	url:	https://www.dell.com/support/article/jp/ja/jpdhs1/sln314610/dell-openmanage-network-manager-security-vulnerabilities?lang=en	Trust: 0.8
title:	Dell OpenManage Network Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86632	Trust: 0.6

sources: JVNDB: JVNDB-2018-012239 // CNNVD: CNNVD-201811-125

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15768	Trust: 2.8
db:	BID	id:	105914	Trust: 2.8
db:	EXPLOIT-DB	id:	45852	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-012239	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-125	Trust: 0.6
db:	VULHUB	id:	VHN-126060	Trust: 0.1

sources: VULHUB: VHN-126060 // BID: 105914 // JVNDB: JVNDB-2018-012239 // CNNVD: CNNVD-201811-125 // NVD: CVE-2018-15768

REFERENCES

url:	http://www.securityfocus.com/bid/105914	Trust: 2.5
url:	https://www.exploit-db.com/exploits/45852/	Trust: 1.7
url:	https://www.dell.com/support/article/us/en/04/sln314610/dell-openmanage-network-manager-security-vulnerabilities	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15768	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15768	Trust: 0.8
url:	https://support.software.dell.com/sonicwall-netextender/windows	Trust: 0.3
url:	https://www.dell.com/support/article/us/en/04/sln314610/dell-openmanage-network-manager-security-vulnerabilities?lang=en	Trust: 0.3

sources: VULHUB: VHN-126060 // BID: 105914 // JVNDB: JVNDB-2018-012239 // CNNVD: CNNVD-201811-125 // NVD: CVE-2018-15768

CREDITS

Matt Bergin (@thatguylevel) of KoreLogic, Inc.

Trust: 0.3

sources: BID: 105914

SOURCES

db:	VULHUB	id:	VHN-126060
db:	BID	id:	105914
db:	JVNDB	id:	JVNDB-2018-012239
db:	CNNVD	id:	CNNVD-201811-125
db:	NVD	id:	CVE-2018-15768

LAST UPDATE DATE

2024-11-23T21:38:03.243000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-126060	date:	2020-08-24T00:00:00
db:	BID	id:	105914	date:	2018-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-012239	date:	2019-01-31T00:00:00
db:	CNNVD	id:	CNNVD-201811-125	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2018-15768	date:	2024-11-21T03:51:26.053

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-126060	date:	2018-11-30T00:00:00
db:	BID	id:	105914	date:	2018-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-012239	date:	2019-01-31T00:00:00
db:	CNNVD	id:	CNNVD-201811-125	date:	2018-11-07T00:00:00
db:	NVD	id:	CVE-2018-15768	date:	2018-11-30T17:29:00.363