Vulnerability CVE-2018-1431

Vulnerability Name:

CVE-2018-1431 (CCN-139240)

Assigned:

2017-12-13

Published:

2018-06-11

Updated:

2019-10-09

Summary:

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2018-1431

Source: CCN
Type: IBM Security Bulletin S1012049 (Spectrum Scale)
Vulnerabilities in GSKit affect IBM Spectrum Scale (CVE-2018-1431, CVE-2017-3736, CVE-2017-3732, CVE-2016-0705 )

Source: CONFIRM
Type: Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012049

Source: BID
Type: Third Party Advisory, VDB Entry
105546

Source: CCN
Type: BID-105546
IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
ibm-spectrum-cve20181431-priv-escalation(139240)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-spectrum-cve20181431-priv-escalation(139240)

Source: CCN
Type: IBM Security Bulletin 0716005 (Elastic Storage Server)
The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale

Source: CCN
Type: IBM Security Bulletin 731657 (DB2 for Linux, UNIX and Windows)
Vulnerabilities in GSKit affect IBM Spectrum Scale used by DB2 pureScale (CVE-2018-1431, CVE-2018-1447, CVE-2017-3732, CVE-2016-0705)

Source: CCN
Type: IBM Security Bulletin 734249 (Storwize V7000 Unified (2073))
Security Bulletin : IBM Storwize V7000 Unified is affected by multiple GSKit vulnerabilities in GPFS

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:general_parallel_file_system:*:*:*:*:*:*:*:* (Version >= 4.1.0.0 and <= 4.1.0.8)

OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.1.1.0 and <= 4.1.1.19)

OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.2.0.0 and <= 4.2.0.4)

OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.2.1.0 and <= 4.2.1.2)

OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.2.2.0 and <= 4.2.2.3)

OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.2.3.0 and <= 4.2.3.8)

OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 5.0.0.0 and <= 5.0.0.2)

Configuration CCN 1:

cpe:/a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:elastic_storage_server:2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK