CVE-2017-15918

Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

CVSS v3 7.8 HIGH
CVSS v2.0 2.1 LOW

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://m4.rkw.io/blog/cve201715918-sera-12-local-root-privesc-and-password-disclosure.html	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/43221/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ignitum:sera:1.2:::::iphone_os::
	cpe:2.3:a:ignitum:sera:1.2:::::mac_os_x::

History

No history.

Information

Published : 2017-11-01 17:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-15918

Mitre link : CVE-2017-15918

CVE.ORG link : CVE-2017-15918

JSON object : View

Products Affected

ignitum

sera

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2017-15918", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-11-01T17:29:00.353", "references": [{"url": "https://m4.rkw.io/blog/cve201715918-sera-12-local-root-privesc-and-password-disclosure.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/43221/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks."}, {"lang": "es", "value": "Sera 1.2 almacena la contrase\u00f1a del usuario en texto plano en su directorio de usuario. Esto facilita el escalado de privilegios y expone, asimismo, el usuario y las cadenas de claves del sistema a atacantes locales."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ignitum:sera:1.2:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "BE43FE90-4E40-46C8-B2CA-BE738C116BF6"}, {"criteria": "cpe:2.3:a:ignitum:sera:1.2:*:*:*:*:mac_os_x:*:*", "vulnerable": true, "matchCriteriaId": "14A77631-06A7-421E-9DFA-4CC102D24176"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}