Information disclosure in D-Link DIR-620



Published: 2018-11-05
Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2018-3646
CWE-ID CWE-200
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU15451

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3646

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists on the systems with microprocessors utilizing speculative execution and address translations due to an error in Hypervisor. An adjacent attacker can access information residing in the L1 data cache via a terminal page fault and a side-channel analysis.

Mitigation

Update to version 10.14.1.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.6 17G66

External links

http://support.apple.com/en-us/HT209193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###