Lucene search

[email protected]CVE-2017-15918

HistoryNov 01, 2017 - 5:29 p.m.

CVE-2017-15918

2017-11-0117:29:00

CWE-522

[email protected]

web.nvd.nist.gov

sera

1.2

password

plain text

storage

privilege escalation

local attacks

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

Sera 1.2 stores the user’s login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

Affected configurations

NVD

Node

ignitumseraMatch1.2iphone_os

ignitumseraMatch1.2mac_os_x

CPENameOperatorVersion
ignitum:seraignitum seraeq1.2

CPE	Name	Operator	Version
ignitum:sera	ignitum sera	eq	1.2

References

m4.rkw.io/blog/cve201715918-sera-12-local-root-privesc-and-password-disclosure.html

www.exploit-db.com/exploits/43221/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for CVE-2017-15918

zdt2 cvelist1 packetstorm1 nvd1 prion1