Vulnerability CVE-2018-10931

Vulnerability Name:

CVE-2018-10931 (CCN-148160)

Assigned:

2018-08-09

Published:

2018-08-09

Updated:

2023-02-12

Summary:

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.6 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2018-10931

Source: CCN
Type: oss-sec Mailing List, Thu, 9 Aug 2018 17:42:39 +0200
cobbler CVE-2018-10931: CobblerXMLRPCInterface exports internal only functions over XMLRPC

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mitigation, Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Cobbler Web site
Cobbler

Source: XF
Type: UNKNOWN
cobbler-cve201810931-priv-esc(148160)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201810931	V	CVE-2018-10931	2022-06-30
oval:org.opensuse.security:def:112087	P	cobbler-3.2.1.336+git.5639a3af-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:59841	P	Security update for mariadb (Moderate)	2021-12-30
oval:org.opensuse.security:def:60434	P	Security update for bcm43xx-firmware (Important)	2021-12-13
oval:org.opensuse.security:def:32222	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:32211	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:105629	P	cobbler-3.2.1.336+git.5639a3af-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:59541	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:60352	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:32129	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32118	P	Security update for freeradius-server (Moderate)	2021-06-11
oval:org.opensuse.security:def:60256	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:29354	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:58929	P	Security update for opensc (Moderate)	2021-03-31
oval:org.opensuse.security:def:58930	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:32279	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:60472	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:32268	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:96468	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:109815	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:103158	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:11200	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:111282	P	Security update for cobbler (Moderate)	2021-01-11
oval:org.opensuse.security:def:29307	P	Security update for spice-gtk (Important)	2020-12-16
oval:org.opensuse.security:def:31985	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27898	P	Security update for wireshark	2020-12-01
oval:org.opensuse.security:def:32511	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60511	P	pigz on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31909	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28316	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32721	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28625	P	Security update for Image Magick	2020-12-01
oval:org.opensuse.security:def:28102	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:32627	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58952	P	Security update for graphite2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28532	P	Security update for bind	2020-12-01
oval:org.opensuse.security:def:33409	P	Security update for cobbler (Important)	2020-12-01
oval:org.opensuse.security:def:31900	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:29318	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:27886	P	Security update for rubygem-rack (Moderate)	2020-12-01
oval:org.opensuse.security:def:28175	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:32655	P	emacs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31995	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28570	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:27908	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:32522	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29343	P	Security update for cobbler (Important)	2020-12-01
oval:org.opensuse.security:def:28327	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:32732	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28636	P	Security update for bash	2020-12-01
oval:org.opensuse.security:def:27962	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32567	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60589	P	Security update for cobbler (Important)	2020-12-01
oval:org.opensuse.security:def:31910	P	Security update for fuse (Moderate)	2020-12-01
oval:org.opensuse.security:def:28468	P	Security update for xorg-x11-libXrender (Moderate)	2020-12-01
oval:org.opensuse.security:def:33359	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27896	P	Security update for tidy (Low)	2020-12-01
oval:org.opensuse.security:def:28669	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28186	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32666	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59108	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:28581	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:31911	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:60140	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:27887	P	Security update for rubygem-rack-1_4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32355	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:60561	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28232	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:32677	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28609	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:27972	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32578	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28479	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:33370	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:31899	P	Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:59656	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:28680	P	Security update for flash-player	2020-12-01
oval:org.opensuse.security:def:28091	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:32616	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31921	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:28521	P	Security update for openvpn-openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:33398	P	Security update for cobbler (Important)	2020-12-01
oval:org.opensuse.security:def:27897	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32366	P	Security update for supportutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:28243	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32688	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59360	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:28620	P	Security update for xorg-x11-libXt	2020-12-01
oval:org.opensuse.security:def:83855	P	Security update for cobbler (Important)	2018-08-30
oval:com.ubuntu.trusty:def:201810931000	V	CVE-2018-10931 on Ubuntu 14.04 LTS (trusty) - medium.	2018-08-09
oval:com.ubuntu.xenial:def:201810931000	V	CVE-2018-10931 on Ubuntu 16.04 LTS (xenial) - medium.	2018-08-09
oval:com.ubuntu.xenial:def:2018109310000000	V	CVE-2018-10931 on Ubuntu 16.04 LTS (xenial) - medium.	2018-08-09

BACK