CVE-2018-11050
Last modified
CVE-2018-11050 is a vulnerability of currently unknown severity. Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. EPSS estimates a 0.68% chance of exploitation in the next 30 days.
Description
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Networker | <= 9.0 |
| Dell | Emc Networker | >= 9.1.1.8, <= 9.2.1.3 |
| Dell | Emc Networker | 18.1.0.1 |
References
- http://seclists.org/fulldisclosure/2018/Jul/92Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/104963Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041393Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2018/Jul/92Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/104963Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041393Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11050?
How severe is CVE-2018-11050?
How do I fix CVE-2018-11050?
Are you affected by CVE-2018-11050?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST