Multiple vulnerabilities in IBM Security Network Protection
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-1426 CVE-2018-1427 CVE-2018-1428 CVE-2018-1447 |
| CWE-ID | CWE-338 CWE-190 CWE-327 CWE-521 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Security Network Protection Web applications / Other software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Use of cryptographically weak PRNG
EUVDB-ID: #VU12311
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1426
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.
Install update from vendor's website.
Vulnerable software versionsSecurity Network Protection: 5.3.1 - 5.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.3:*:*:*:*:*:*:*
https://www-01.ibm.com/support/docview.wss?uid=swg22016549
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU12310
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1427
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to IBM GSKit contains several environment variables. A local attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsSecurity Network Protection: 5.3.1 - 5.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.3:*:*:*:*:*:*:*
https://www-01.ibm.com/support/docview.wss?uid=swg22016549
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU12309
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1428
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to IBM GSKit uses weaker than expected cryptographic algorithms. A local attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsSecurity Network Protection: 5.3.1 - 5.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.3:*:*:*:*:*:*:*
https://www-01.ibm.com/support/docview.wss?uid=swg22016549
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Weak passwords requirements
EUVDB-ID: #VU12308
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1447
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. A local attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsSecurity Network Protection: 5.3.1 - 5.3.3
CPE2.3- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:security_network_protection:5.3.3:*:*:*:*:*:*:*
https://www-01.ibm.com/support/docview.wss?uid=swg22016549
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
