CVE-2018-11750 - Vulnerability Details

Vendors	Products
Puppet	Cisco Ios Module

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/150978
https://puppet.com/security/cve/CVE-2018-11750

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-02T18:57:01", "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "puppet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/CVE-2018-11750"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@puppet.com", "ID": "CVE-2018-11750", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://puppet.com/security/cve/CVE-2018-11750", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/CVE-2018-11750"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:17:09.099Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/CVE-2018-11750"}]}]}, "cveMetadata": {"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "assignerShortName": "puppet", "cveId": "CVE-2018-11750", "datePublished": "2018-10-02T19:00:00", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-08-05T08:17:09.099Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2018-10-02T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-02T18:57:01 (string)

orgId : ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e (string)

shortName : puppet (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://puppet.com/security/cve/CVE-2018-11750 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@puppet.com (string)

ID : CVE-2018-11750 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://puppet.com/security/cve/CVE-2018-11750 (string)

refsource : CONFIRM (string)

url : https://puppet.com/security/cve/CVE-2018-11750 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T08:17:09.099Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://puppet.com/security/cve/CVE-2018-11750 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e (string)

assignerShortName : puppet (string)

cveId : CVE-2018-11750 (string)

datePublished : 2018-10-02T19:00:00 (string)

dateReserved : 2018-06-05T00:00:00 (string)

dateUpdated : 2024-08-05T08:17:09.099Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:cisco_ios_module:*:*:*:*:*:puppet:*:*", "matchCriteriaId": "D73D456A-1027-4928-A9A3-B7A80B675D85", "versionEndExcluding": "0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default."}, {"lang": "es", "value": "Las versiones anteriores del m\u00f3dulo cisco_ios para Puppet no validaron la identidad de un host antes de comenzar una conexi\u00f3n SSH. En la versi\u00f3n 0.4.0 de cisco_ios, la comprobaci\u00f3n de claves de host est\u00e1 habilitada por defecto."}], "id": "CVE-2018-11750", "lastModified": "2024-11-21T03:43:57.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-02T19:29:00.837", "references": [{"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2018-11750"}, {"source": "nvd@nist.gov", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150978"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2018-11750"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:puppet:cisco_ios_module:*:*:*:*:*:puppet:*:* (string)

matchCriteriaId : D73D456A-1027-4928-A9A3-B7A80B675D85 (string)

versionEndExcluding : 0.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. (string)

}

1 : { »

lang : es (string)

value : Las versiones anteriores del módulo cisco_ios para Puppet no validaron la identidad de un host antes de comenzar una conexión SSH. En la versión 0.4.0 de cisco_ios, la comprobación de claves de host está habilitada por defecto. (string)

}

]

id : CVE-2018-11750 (string)

lastModified : 2024-11-21T03:43:57.580 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-10-02T19:29:00.837 (string)

references : [ »

0 : { »

source : security@puppet.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://puppet.com/security/cve/CVE-2018-11750 (string)

}

1 : { »

source : nvd@nist.gov (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/150978 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://puppet.com/security/cve/CVE-2018-11750 (string)

}

]

sourceIdentifier : security@puppet.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object