CVE-2018-15781

EPSS 0.24%
Veröffentlicht 13.02.2019 16:29:00
Zuletzt bearbeitet 21.11.2024 03:51:27
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Wyse Thinlinux Version >= 2.0 < 2.1.0.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.445

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	7.9	5.5	10	AV:A/AC:M/Au:N/C:C/I:C/A:C
security_alert@emc.com	7.9	1.2	6	CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.dell.com/support/article/SLN316104

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-15781

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15781

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15781

EUVD