CVE-2018-7268
Last modified
CVE-2018-7268 is a vulnerability of currently unknown severity. MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. EPSS estimates a 0.55% chance of exploitation in the next 30 days.
Description
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Magnicomp | Sysinfo | < 10-h81 |
References
- http://packetstormsecurity.com/files/147687/MagniComp-SysInfo-Information-Exposure.htmlThird Party Advisory, VDB Entry
- https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txtThird Party Advisory
- http://packetstormsecurity.com/files/147687/MagniComp-SysInfo-Information-Exposure.htmlThird Party Advisory, VDB Entry
- https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txtThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-7268?
How severe is CVE-2018-7268?
How do I fix CVE-2018-7268?
Are you affected by CVE-2018-7268?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST