Vulnerability Details : CVE-2018-15765
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
Vulnerability category: Information leak
Products affected by CVE-2018-15765
- cpe:2.3:a:dell:emc_secure_remote_services:*:*:*:*:virtual:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15765
- 0.15%: Probability of exploitation activity in the next 30 days
- ~33%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15765
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
3.4 | LOW | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N | 0.8 | 2.5 | Dell | |
CWE ids for CVE-2018-15765
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15765
- http://www.securityfocus.com/bid/105694
  Dell EMC ESRS Virtual Edition Multiple Vulnerabilities (Third Party Advisory; VDB Entry)
- https://seclists.org/fulldisclosure/2018/Oct/35
  Full Disclosure: DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities (Mailing List; Third Party Advisory)
- http://www.securitytracker.com/id/1041877
  Dell EMC Secure Remote Services File Permission Bugs Let Local Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)