Vulnerability Details : CVE-2018-1000115
Public exploit exists!
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 by disabling the UDP protocol by default.
Vulnerability category: Denial of service
Products affected by CVE-2018-1000115
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.5.5:*:*:*:*:*:*:*
Threat overview for CVE-2018-1000115
- Top open port discovered on systems with this issue: 11211
- IPs affected by CVE-2018-1000115: 21
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-1000115
- EPSS score: 86.52% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or below this value)
Metasploit modules for CVE-2018-1000115
- Memcached Stats Amplification Scanner
  Disclosure Date: 2018-02-27
  First seen: 2020-04-26
  Module: auxiliary/scanner/memcached/memcached_amp
  This module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.
  Authors: Marek Majkowski, xistence <xistence@0x9
CVSS scores for CVE-2018-1000115
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2018-1000115
- The product does not properly control the allocation and maintenance of a limited resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000115
- https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
  disable UDP port by default · memcached/memcached@dbb7a8a · GitHub (Patch; Third Party Advisory)
- https://twitter.com/dormando/status/968579781729009664
  dormando on Twitter: "For what it's worth, if you're getting attacked by memcached's, it's pretty easy to disable them since the source won't be spoofed. They may accept "shutdown\r\n", but also runni (Third Party Advisory)
- https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
  Memcached-fueled 1.3 Tbps attacks - The Akamai Blog (Third Party Advisory)
- https://www.exploit-db.com/exploits/44264/
  Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1) (Exploit; Third Party Advisory; VDB Entry)
- https://github.com/memcached/memcached/wiki/ReleaseNotes156
  ReleaseNotes156 · memcached/memcached Wiki · GitHub (Third Party Advisory)
- https://www.synology.com/support/security/Synology_SA_18_07
  Synology Inc. (Third Party Advisory)
- https://github.com/memcached/memcached/issues/348
  UDP Amplification Attacks, result of Memcached UDP port 11211 · Issue #348 · memcached/memcached · GitHub (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/errata/RHBA-2018:2140
  RHBA-2018:2140 - Bug Fix Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.debian.org/security/2018/dsa-4218
  Debian -- Security Information -- DSA-4218-1 memcached (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2857
  RHSA-2018:2857 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://usn.ubuntu.com/3588-1/
  USN-3588-1: Memcached vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2331
  RHSA-2018:2331 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.exploit-db.com/exploits/44265/
  Memcached 1.5.5 - 'Memcrashed' Insufficient Control of Network Message Volume Denial of Service With Shodan API (Exploit; Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:1593
  RHSA-2018:1593 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:1627
  RHSA-2018:1627 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)