IBM SAN Volume Controller / Storwize / FlashSystem Arbitrary File Read (CVE-2018-1775)

medium Nessus Plugin ID 125897

Synopsis

The remote host is affected by an arbitrary file read vulnerability.

Description

According to its self-reported version number, the IBM SAN Volume Controller, Storwize or FlashSystem is affected by an arbitrary file read vulnerability in the service assistant GUI. An authenticated, remote attacker can exploit this to read arbitrary files and disclose sensitive information.

Solution

Upgrade to firmware version 7.8.1.8, 8.1.3.3, 8.2.0.0, 8.2.1.0 or later.

See Also

https://www-01.ibm.com/support/docview.wss?uid=ibm10872486

Plugin Details

Severity: Medium

ID: 125897

File Name: ibm_storwize_CVE-2018-1775.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 6/14/2019

Updated: 10/18/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2018-1775

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:san_volume_controller_software, cpe:/a:ibm:storwize_v5000_software, cpe:/a:ibm:storwize_v7000_software, cpe:/o:ibm:flashsystem_v9000_firmware

Exploit Ease: No known exploits are available

Patch Publication Date: 2/25/2019

Vulnerability Publication Date: 2/25/2019

Reference Information

CVE: CVE-2018-1775

BID: 107187

IAVA: 2019-A-0190