5.9

CVE-2018-16758

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tinc-vpnTinc Version <= 1.0.34
DebianDebian Linux Version9.0
StarwindsoftwareStarwind Virtual San Versionv8 Updatebuild12533 SwPlatformvsphere
StarwindsoftwareStarwind Virtual San Versionv8 Updatebuild12658 SwPlatformvsphere
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.565
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://tinc-vpn.org/security/
Vendor Advisory
https://www.debian.org/security/2018/dsa-4312
Third Party Advisory
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=e97943b7cc9c851ae36f5a41e2b6102faa74193f
https://www.starwindsoftware.com/security/sw-20190227-0003/
Third Party Advisory