CVE-2018-16738

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.

CVSS v3 3.7 LOW
CVSS v2.0 4.3 MEDIUM

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tinc-vpn.org/security/	Vendor Advisory
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
https://www.debian.org/security/2018/dsa-4312	Third Party Advisory
https://www.starwindsoftware.com/security/sw-20190227-0002/	Third Party Advisory
http://tinc-vpn.org/security/	Vendor Advisory
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
https://www.debian.org/security/2018/dsa-4312	Third Party Advisory
https://www.starwindsoftware.com/security/sw-20190227-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tinc-vpn:tinc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533::::vsphere::*
	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658::::vsphere::*

History

21 Nov 2024, 03:53

Type	Values Removed	Values Added
References	~~() http://tinc-vpn.org/security/ - Vendor Advisory~~	() http://tinc-vpn.org/security/ - Vendor Advisory
References	~~() http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a -~~	() http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a -
References	~~() https://www.debian.org/security/2018/dsa-4312 - Third Party Advisory~~	() https://www.debian.org/security/2018/dsa-4312 - Third Party Advisory
References	~~() https://www.starwindsoftware.com/security/sw-20190227-0002/ - Third Party Advisory~~	() https://www.starwindsoftware.com/security/sw-20190227-0002/ - Third Party Advisory

07 Nov 2023, 02:53

Type	Values Removed	Values Added
References	{'url': 'http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a', 'name': 'http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a', 'tags': ['Mitigation', 'Mailing List', 'Vendor Advisory'], 'refsource': 'CONFIRM'}	() http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a -

Information

Published : 2018-10-10 21:29

Updated : 2024-11-21 03:53

NVD link : CVE-2018-16738

Mitre link : CVE-2018-16738

CVE.ORG link : CVE-2018-16738

JSON object : View

Products Affected

debian

debian_linux

tinc-vpn

tinc

starwindsoftware

starwind_virtual_san

CWE

CWE-287

Improper Authentication

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-16738

3.7^/10

4.3^/10

Attach tags to `CVE-2018-16738`