CVE-2018-11750 - OpenCVE

Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Puppet	Cisco Ios Module

Configuration 1 [-]

cpe:2.3:a:puppet:cisco_ios_module:*:*:*:*:*:puppet:*:*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/150978	Vendor Advisory
https://puppet.com/security/cve/CVE-2018-11750	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: puppet

Published: 2018-10-02T19:00:00

Updated: 2018-10-02T18:57:01

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-11750

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-02T19:29:00.837

Modified: 2019-01-02T15:09:37.740

Link: CVE-2018-11750

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:cisco_ios_module:*:*:*:*:*:puppet:*:*", "matchCriteriaId": "D73D456A-1027-4928-A9A3-B7A80B675D85", "versionEndExcluding": "0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default."}, {"lang": "es", "value": "Las versiones anteriores del m\u00f3dulo cisco_ios para Puppet no validaron la identidad de un host antes de comenzar una conexi\u00f3n SSH. En la versi\u00f3n 0.4.0 de cisco_ios, la comprobaci\u00f3n de claves de host est\u00e1 habilitada por defecto."}], "id": "CVE-2018-11750", "lastModified": "2019-01-02T15:09:37.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-02T19:29:00.837", "references": [{"source": "nvd@nist.gov", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150978"}, {"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2018-11750"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}