CVE-2018-16738

Опубликовано: 10 окт. 2018

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.

Ссылки

http://tinc-vpn.org/security/
Vendor Advisory
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
https://www.debian.org/security/2018/dsa-4312
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20190227-0002/
Third Party Advisory
http://tinc-vpn.org/security/
Vendor Advisory
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
https://www.debian.org/security/2018/dsa-4312
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20190227-0002/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tinc-vpn:tinc:*:*:*:*:*:*:*:*

Версия от 1.0.30 (включая) до 1.0.34 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*

EPSS

Процентиль: 55%

0.00324

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2018-16738

CVSS3: 3.7

ubuntu

больше 7 лет назад

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.

CVE-2018-16738

CVSS3: 3.7

debian

больше 7 лет назад

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, altho ...

GHSA-c478-67p7-rg2p

CVSS3: 3.7

github

больше 3 лет назад

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.

EPSS

Процентиль: 55%

0.00324

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287