Multiple vulnerabilities in IBM QRadar Network Packet Capture
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
IBM QRadar Network Packet Capture Web applications / Other software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU9884
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5753
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Packet Capture: before 7.2.8 Patch 1
CPE2.3 External links
http://www.ibm.com/support/pages/node/571419
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Information disclosure
EUVDB-ID: #VU9883
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5715
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Packet Capture: before 7.2.8 Patch 1
CPE2.3 External links
http://www.ibm.com/support/pages/node/571419
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Information disclosure
EUVDB-ID: #VU9882
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5754
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Packet Capture: before 7.2.8 Patch 1
CPE2.3 External links
http://www.ibm.com/support/pages/node/571419
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
