Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.

Published

2018-10-09T17:29:01.100

Last Modified

2024-11-21T03:49:30.373

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77
Type: Secondary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Application	redhat	ceph_storage	2.0	Yes
Application	redhat	ceph_storage	3.0	Yes
Application	redhat	ceph-iscsi-cli	-	Yes

References

http://www.securityfocus.com/bid/105434 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/articles/3623521 Mitigation, Patch, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2837 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2838 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649 Issue Tracking, Vendor Advisory ([email protected])
https://github.com/ceph/ceph-iscsi-cli/issues/120 Exploit, Third Party Advisory ([email protected])
https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/105434 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/articles/3623521 Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2837 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2838 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ceph/ceph-iscsi-cli/issues/120 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)