{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-25T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-9091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability", "refsource": "CONFIRM", "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:17:50.616Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-9091", "datePublished": "2018-05-25T19:00:00.000Z", "dateReserved": "2018-03-27T00:00:00.000Z", "dateUpdated": "2024-08-05T07:17:50.616Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kemptechnologies:loadmaster_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F1F8F0-F6AA-4527-9B67-2813F107BDBC", "versionEndIncluding": "7.2.41.2", "versionStartIncluding": "6.0.44", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kemptechnologies:loadmaster_operating_system:*:*:*:*:lts:*:*:*", "matchCriteriaId": "9F93C454-6A70-4044-B207-6B9E971A4E4C", "versionEndExcluding": "7.1.35.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible."}, {"lang": "es", "value": "Una vulnerabilidad cr\u00edtica relacionada con la gesti\u00f3n de sesiones en KEMP LoadMaster Operating System (LMOS), de la versi\u00f3n 6.0.44 hasta la 7.2.41.2, y Long Term Support (LTS) LMOS, en versiones anteriores a la 7.1.35.5, podr\u00eda permitir que un atacante remoto no autenticado omita las protecciones de seguridad, obtenga privilegios del sistema y ejecute comandos elevados como ls, ps, cat, etc., comprometiendo el sistema. Mediante esta ejecuci\u00f3n remota, en ciertos casos, podr\u00edan exponerse datos sensibles del sistema como certificados, claves privadas u otro tipo de informaci\u00f3n."}], "id": "CVE-2018-9091", "lastModified": "2024-11-21T04:14:57.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-25T19:29:00.523", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}