Static Linux Random Number Generator Vulnerability in Pivotal Operations Manager
CVE-2018-11045

5.9 MEDIUM

Key Information:

Vendor: Pivotal

CVE Published: 11 July 2018

What is CVE-2018-11045?

Pivotal Operations Manager contains a vulnerability related to a static Linux Random Number Generator (LRNG) seed file included in specific appliance images. This issue allows an attacker with knowledge of the running OpsManager version and associated Infrastructure as a Service (IaaS) environment to retrieve the corresponding seed from the published image. By accessing this seed, the attacker could potentially predict the initial state of the LRNG, posing serious security risks to the system.

Affected Version(s)

Pivotal Operations Manager 2.1 < 2.1.6

Pivotal Operations Manager 2.0 < 2.0.15

Pivotal Operations Manager 1.12 < 1.12.22

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
