CVE-2018-1281 - OpenCVE

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Mxnet

Configuration 1 [-]

cpe:2.3:a:apache:mxnet:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-06-08T19:00:00Z

Updated: 2024-09-17T00:26:46.445Z

Reserved: 2017-12-07T00:00:00

Link: CVE-2018-1281

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-06-08T19:29:00.263

Modified: 2018-08-03T15:53:09.547

Link: CVE-2018-1281

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache MXNet", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "versions older than 1.0.0"}]}], "datePublic": "2018-01-02T00:00:00", "descriptions": [{"lang": "en", "value": "The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces."}], "problemTypes": [{"descriptions": [{"description": "Allows unauthorized access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-08T18:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2018-1281", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache MXNet", "version": {"version_data": [{"version_value": "versions older than 1.0.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Allows unauthorized access"}]}]}, "references": {"reference_data": [{"name": "https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea", "refsource": "CONFIRM", "url": "https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:59:37.275Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1281", "datePublished": "2018-06-08T19:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-17T00:26:46.445Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:mxnet:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EC14C93-9AF9-40BC-AA91-17399E9E5B6F", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces."}, {"lang": "es", "value": "La instalaci\u00f3n en cl\u00fasters de Apache MXNet permite que los usuarios especifiquen en qu\u00e9 direcci\u00f3n y puerto IP va a escuchar el scheduler mediante las variables de entorno DMLC_PS_ROOT_URI y DMLC_PS_ROOT_PORT. En las versiones anteriores a la 1.0.0, sin embargo, el framework MXNet escuchar\u00e1 en 0.0.0.0 en lugar del DMLC_PS_ROOT_URI especificado por el usuario una vez se ha inicializado un nodo scheduler. Esto expone la instancia que est\u00e1 ejecutando MXNet a cualquier atacante y la vuelve alcanzable mediante la interfaz que no esperaban que estuviese escuchando. Por ejemplo: si un usuario quiere ejecutar localmente una instalaci\u00f3n en cl\u00fasters, puede especificar que se ejecute en 127.0.0.1. Pero, debido a que MXNet escuchar\u00e1 en 0.0.0.0, hace que el puerto sea accesible en todas las interfaces de red."}], "id": "CVE-2018-1281", "lastModified": "2018-08-03T15:53:09.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-08T19:29:00.263", "references": [{"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}