#VU64828 Improper Authentication in etcd - CVE-2018-16886

Cybersecurity Help s.r.o.

Published: 2022-06-30 | Updated: 2022-07-05

Vulnerability identifier: #VU64828

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16886

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
etcd
Server applications / Database software

Vendor: CoreOS

Description

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. A remote user can authenticate as user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

etcd: 3.2.0 - 3.3.10

External links
https://www.securityfocus.com/bid/106540
https://access.redhat.com/errata/RHSA-2019:0237
https://access.redhat.com/errata/RHSA-2019:1352
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886
https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication
https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for etcd

Multiple vulnerabilities in IBM QRadar Suite Software

Multiple vulnerabilities in IBM Edge Application Manager

Red Hat Enterprise Linux 7 Extras update for etcd

Fedora 29 update for etcd

Fedora 30 update for etcd

Red Hat Enterprise Linux 7 Extras update for etcd