CVE-2019-11495

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.couchbase.com/resources/security#SecurityAlerts	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:couchbase:couchbase_server:5.1.1:*:*:*:*:*:*:*

History

10 Feb 2024, 02:54

Type	Values Removed	Values Added
References	~~(MISC) https://www.couchbase.com/resources/security#SecurityAlerts - Vendor Advisory~~	(MISC) https://www.couchbase.com/resources/security#SecurityAlerts - Broken Link, Vendor Advisory

Information

Published : 2019-09-10 18:15

Updated : 2024-02-28 17:08

NVD link : CVE-2019-11495

Mitre link : CVE-2019-11495

CVE.ORG link : CVE-2019-11495

JSON object : View

Products Affected

couchbase

couchbase_server

CWE

CWE-335

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

{"id": "CVE-2019-11495", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-09-10T18:15:12.463", "references": [{"url": "https://www.couchbase.com/resources/security#SecurityAlerts", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-335"}]}], "descriptions": [{"lang": "en", "value": "In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0."}, {"lang": "es", "value": "En Couchbase Server versi\u00f3n 5.1.1, la cookie utilizada para la comunicaci\u00f3n dentro del nodo no se genera de forma segura. Couchbase Server usa erlang:now() para generar el PRNG, lo que da como resultado un peque\u00f1o espacio de b\u00fasqueda de posibles semillas aleatorias que luego podr\u00edan usarse para realizar un ataque de fuerza bruta sobre la cookie y ejecutar el c\u00f3digo contra un sistema remoto. Esto se ha solucionado en la versi\u00f3n 6.0.0."}], "lastModified": "2024-02-10T02:54:05.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58E4463C-BC06-4031-B659-DC5A0721CC81"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}