CVE-2018-9091 - OpenCVE

A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kemptechnologies	Loadmaster Operating System

Configuration 1 [-]

cpe:2.3:o:kemptechnologies:loadmaster_operating_system:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:kemptechnologies:loadmaster_operating_system:*:*:*:*:lts:*:*:*

No data.

References

Link	Providers
https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-25T19:00:00

Updated: 2024-08-05T07:17:50.616Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9091

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-25T19:29:00.523

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-9091

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-22T00:00:00", "descriptions": [{"lang": "en", "value": "A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-25T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-9091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability", "refsource": "CONFIRM", "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:17:50.616Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-9091", "datePublished": "2018-05-25T19:00:00", "dateReserved": "2018-03-27T00:00:00", "dateUpdated": "2024-08-05T07:17:50.616Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kemptechnologies:loadmaster_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F1F8F0-F6AA-4527-9B67-2813F107BDBC", "versionEndIncluding": "7.2.41.2", "versionStartIncluding": "6.0.44", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kemptechnologies:loadmaster_operating_system:*:*:*:*:lts:*:*:*", "matchCriteriaId": "9F93C454-6A70-4044-B207-6B9E971A4E4C", "versionEndExcluding": "7.1.35.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible."}, {"lang": "es", "value": "Una vulnerabilidad cr\u00edtica relacionada con la gesti\u00f3n de sesiones en KEMP LoadMaster Operating System (LMOS), de la versi\u00f3n 6.0.44 hasta la 7.2.41.2, y Long Term Support (LTS) LMOS, en versiones anteriores a la 7.1.35.5, podr\u00eda permitir que un atacante remoto no autenticado omita las protecciones de seguridad, obtenga privilegios del sistema y ejecute comandos elevados como ls, ps, cat, etc., comprometiendo el sistema. Mediante esta ejecuci\u00f3n remota, en ciertos casos, podr\u00edan exponerse datos sensibles del sistema como certificados, claves privadas u otro tipo de informaci\u00f3n."}], "id": "CVE-2018-9091", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-25T19:29:00.523", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}