CVE-2018-11050
Summary
| CVE | CVE-2018-11050 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-01 06:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user. |
Risk And Classification
Problem Types: CWE-319 | CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Emc Networker | 18.1.0.1 | All | All | All |
| Application | Dell | Emc Networker | 18.1.0.1 | All | All | All |
| Application | Dell | Emc Networker | All | All | All | All |
| Application | Dell | Emc Networker | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| EMC NetWorker AMQP Flaw Lets Remote Users Monitoring the Network Obtain Passwords - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Full Disclosure: DSA-2018-120: Dell EMC NetWorker Clear-Text authentication over network vulnerability | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Dell EMC NetWorker CVE-2018-11050 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.