Vulnerability Name: CVE-2017-5186 (CCN-128630)

Assigned: 2017-04-27
Published: 2017-04-27
Updated: 2019-10-03
Summary: Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-327
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2017-5186

Source: CONFIRM
Type: Permissions Required
https://bugzilla.novell.com/show_bug.cgi?id=1019041

Source: CONFIRM
Type: Permissions Required
https://bugzilla.novell.com/show_bug.cgi?id=1019789

Source: CONFIRM
Type: Permissions Required
https://bugzilla.novell.com/show_bug.cgi?id=988749

Source: XF
Type: UNKNOWN
novell-cve20175186-weak-security(128630)

Source: CCN
Type: Novell Document ID: 3426981
History of Issues Resolved in eDirectory 8.8.x

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.novell.com/support/kb/doc.php?id=3426981

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.novell.com/support/kb/doc.php?id=7010166

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.novell.com/support/kb/doc.php?id=7016794

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.novell.com/support/kb/doc.php?id=7016795

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:netiq:edirectory:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:netiq:edirectory:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:netiq:edirectory:9.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:netiq:imanager:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:netiq:imanager:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:netiq:imanager:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:*:sp8_patch9:*:*:*:*:*:* (Version <= 8.8)
  • OR cpe:/a:novell:imanager:*:sp7_patch8:*:*:*:*:*:* (Version <= 2.7)

Configuration CCN 1:
  • cpe:/a:novell:edirectory:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:novell:imanager:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:netiq:imanager:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:netiq:edirectory:9.0.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    netiq edirectory 9.0
    netiq edirectory 9.0.1
    netiq edirectory 9.0.2
    netiq imanager 3.0
    netiq imanager 3.0.1
    netiq imanager 3.0.2
    novell edirectory * sp8_patch9
    novell imanager * sp7_patch8
    novell edirectory 8.8
    novell imanager 2.7
    netiq imanager 3.0
    netiq edirectory 9.0.2