CVE-2018-18406 - OpenCVE

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tufin	Securetrack Tufinos

Configuration 1 [-]

AND

cpe:2.3:a:tufin:securetrack:18.1:*:*:*:*:*:*:*

cpe:2.3:o:tufin:tufinos:2.16:build_1179:*:*:*:*:*:*

References

Link	Resource
https://forum.tufin.com/support/kc/latest/	Vendor Advisory
https://www.exploit-db.com/exploits/45808	Exploit Third Party Advisory VDB Entry
https://www.tufin.com/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-19T16:00:37

Updated: 2019-06-19T16:00:37

Reserved: 2018-10-16T00:00:00

Link: CVE-2018-18406

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-06-19T16:15:10.517

Modified: 2019-06-24T12:29:21.303

Link: CVE-2018-18406

JSON object: View

Redhat Information

No data.

CWE

CWE-611

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-19T16:00:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tufin.com/"}, {"tags": ["x_refsource_MISC"], "url": "https://forum.tufin.com/support/kc/latest/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/45808"}], "x_ConverterErrors": {"cvssV3_0": {"error": "CVSSV3_0 data from v4 record is invalid", "message": "Missing mandatory metrics \"AV\""}}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18406", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "availabilityImpact": "LOW", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/A:L/C:H/I:H/PR:L/S:C/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.tufin.com/", "refsource": "MISC", "url": "https://www.tufin.com/"}, {"name": "https://forum.tufin.com/support/kc/latest/", "refsource": "MISC", "url": "https://forum.tufin.com/support/kc/latest/"}, {"name": "https://www.exploit-db.com/exploits/45808", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/45808"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18406", "datePublished": "2019-06-19T16:00:37", "dateReserved": "2018-10-16T00:00:00", "dateUpdated": "2019-06-19T16:00:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tufin:securetrack:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "0060C64E-B812-4103-B0CF-4AF9F2D2E949", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:tufin:tufinos:2.16:build_1179:*:*:*:*:*:*", "matchCriteriaId": "9F3DC27C-1EAC-4FDD-97C4-63D69C9AEB28", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users."}, {"lang": "es", "value": "Se detecto un problema en Tufin SecureTrack 18.1 con TufinOS 2.16, compilaci\u00f3n 1179 (final). El m\u00f3dulo Informe de auditor\u00eda se ve afectado por una vulnerabilidad oculta de la XXE cuando se guarda un nuevo Informe de mejores pr\u00e1cticas utilizando una carga \u00fatil especial dentro del campo de entrada de XML. La vulnerabilidad XXE es ciega, ya que la respuesta no muestra directamente un archivo solicitado, sino que lo devuelve dentro del campo de datos de nombre cuando se guarda el informe. Un atacante puede ver archivos restringidos del sistema operativo. Este problema afecta a todos los tipos de usuarios: administradores o usuarios normales."}], "id": "CVE-2018-18406", "lastModified": "2019-06-24T12:29:21.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-19T16:15:10.517", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://forum.tufin.com/support/kc/latest/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45808"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.tufin.com/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}