CVE-2018-6445

{"id": "CVE-2018-6445", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-01-22T17:29:00.410", "references": [{"url": "https://security.netapp.com/advisory/ntap-20190411-0005/", "tags": ["Third Party Advisory"], "source": "sirt@brocade.com"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-25655", "source": "sirt@brocade.com"}, {"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-745", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords."}, {"lang": "es", "value": "Una vulnerabilidad en Brocade Network Advisor, en versiones anteriores a la 14.0.3, podr\u00eda permitir a un atacante remoto no autenticado exportar la base de datos del usuario actual que incluye las contrase\u00f1as cifradas (no hasheadas) de los sistemas. El atacante podr\u00eda obtener acceso al sistema de Brocade Network Advisor despu\u00e9s de extraer/descifrar las contrase\u00f1as."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5295A4EC-6805-4D7D-B52E-087273B70595", "versionEndExcluding": "14.0.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:brocade_network_advisor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD0457F-30E5-4AD4-9281-8344CF2B009E"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}