SB2018011210 - Multiple vulnerabilities in Flexence DiskBoss
Published: January 12, 2018
Security Bulletin ID
SB2018011210
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2017-15665)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists the Control Protocol due to improper access control. A remote attacker can submit a specially crafted SERVER_GET_INFO packet to control port 8094 and cause the service to crash.
2) Man-in-the-middle attack (CVE-ID: CVE-2018-5261)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session. A remote attacker can conduct man-in-the-middle attack and gain access to potentially sensitive information, such as the authentication credentials.
Remediation
Install update from vendor's website.