CVE-2018-6443 - OpenCVE

A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Brocade	Network Advisor
Netapp	Brocade Network Advisor

Configuration 1 [-]

cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:brocade_network_advisor:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html
https://security.netapp.com/advisory/ntap-20190411-0005/
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743

History

No history.

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2019-01-22T17:00:00

Updated: 2024-08-05T06:01:49.272Z

Reserved: 2018-01-31T00:00:00

Link: CVE-2018-6443

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-22T17:29:00.300

Modified: 2019-05-23T18:29:01.183

Link: CVE-2018-6443

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Brocade Network Advisor", "vendor": "Brocade Communications Systems, Inc.", "versions": [{"status": "affected", "version": "All versions prior to version 14.3.1"}]}], "datePublic": "2019-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console."}], "problemTypes": [{"descriptions": [{"description": "Use of Hard-coded Credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-23T17:06:05", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190411-0005/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2018-6443", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brocade Network Advisor", "version": {"version_data": [{"version_value": "All versions prior to version 14.3.1"}]}}]}, "vendor_name": "Brocade Communications Systems, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743", "refsource": "CONFIRM", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743"}, {"name": "https://security.netapp.com/advisory/ntap-20190411-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190411-0005/"}, {"name": "http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:01:49.272Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190411-0005/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2018-6443", "datePublished": "2019-01-22T17:00:00", "dateReserved": "2018-01-31T00:00:00", "dateUpdated": "2024-08-05T06:01:49.272Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "793B0730-EF5B-4CE7-AC4F-7839078D3384", "versionEndExcluding": "14.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:brocade_network_advisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFD0457F-30E5-4AD4-9281-8344CF2B009E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console."}, {"lang": "es", "value": "Una vulnerabilidad en Brocade Network Advisor Versions, en versiones anteriores a la 14.3.1, puede permitir a un usuario no autenticado iniciar sesi\u00f3n en la interfaz de JBoss Administration de un sistema afectado, utilizando las credenciales de un usuario no documentado e instalar aplicaciones JEE adicionales. Un usuario remoto no autenticado con acceso a librer\u00edas \"Network Advisor\" del cliente y capacitado para descifrar las credenciales de Jboss podr\u00eda obtener acceso a la consola web de Jboss."}], "id": "CVE-2018-6443", "lastModified": "2019-05-23T18:29:01.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-22T17:29:00.300", "references": [{"source": "sirt@brocade.com", "url": "http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html"}, {"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190411-0005/"}, {"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}