Lucene search

TrellixCVELIST:CVE-2018-6695

HistoryOct 03, 2018 - 9:00 p.m.

CVE-2018-6695 Threat Intelligence Exchange Server (TIE Server) SSH host keys generation vulnerability

2018-10-0321:00:00

trellix

www.cve.org

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

31.2%

JSON

SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.

CNA Affected

[
  {
    "platforms": [
      "x86"
    ],
    "product": "Threat Intelligence Exchange Server (TIE Server) ",
    "vendor": "McAfee",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.0"
      },
      {
        "lessThan": "2.0.0*",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.3.0*",
        "status": "unaffected",
        "version": "2.3.0",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10253

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

31.2%

JSON

Related for CVELIST:CVE-2018-6695