What is CVE-2018-1128?

CVE-2018-1128 is a high-severity vulnerability in Red Hat, Inc. Ceph, classified under Authentication Bypass by Capture-replay. CVSS score: 7.5/10. Published 2018-07-10.

How severe is CVE-2018-1128?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Red Hat, Inc. Ceph

CVE-2018-1128

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerabilit…

EPSS: 0.014 (68.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Red Hat, Inc. Ceph — versions All versions in branches master, mimic, luminous and jewel
Debian Debian_linux — versions 8.0, 9.0
Opensuse Leap — versions 15.0
Redhat Ceph
Redhat Ceph_storage — versions 3
Redhat Ceph_storage_mon — versions 2, 3
Redhat Ceph_storage_osd — versions 2, 3
Redhat Enterprise_linux — versions 7.0
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_server — versions 7.0

Weakness classification (CWE)

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2018-1128?: CVE-2018-1128 is a high-severity vulnerability in Red Hat, Inc. Ceph, classified under Authentication Bypass by Capture-replay. CVSS score: 7.5/10. Published 2018-07-10.
How severe is CVE-2018-1128?: High severity. CVSS v3 base score is 7.5 out of 10.