CVE-2017-15918

Exploit

EPSS 0.26%
Veröffentlicht 01.11.2017 17:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ignitum ≫ Sera Version1.2 SwPlatformiphone_os

Ignitum ≫ Sera Version1.2 SwPlatformmac_os_x

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.46

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://m4.rkw.io/blog/cve201715918-sera-12-local-root-privesc-and-password-disclosure.html

Third Party Advisory

Exploit

https://www.exploit-db.com/exploits/43221/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-15918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15918

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-15918