Thursday, 6 July 2017

Posted at 00:10 by admin
A vulnerability classified as critical has been found in IBM Security Guardium 10.0/10.1. It affects an unknown function. Manipulation with an unknown input leads to privilege escalation. The CWE classification for the problem is CWE-269. Confidentiality, integrity, and availability are impacted.

The weakness was presented on 07/05/2017. The advisory is available for download at ibm.com. The vulnerability has been identified as CVE-2017-1258 since 11/30/2016. Neither technical details nor an exploit are publicly available. The price for an exploit might currently be around USD $5k-$25k (estimate calculated on 07/06/2017).

No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

CVSSv3

VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.5
VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
VulDB Reliability: Low

CVSSv2

VulDB Base Score: ≈4.1 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P)
VulDB Temp Score: ≈4.1 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: Medium


CPE
  • cpe:/a:ibm:security_guardium:10.0
  • cpe:/a:ibm:security_guardium:10.1

Exploiting

Class: Privilege escalation (CWE-269)
Local: Yes
Remote: No

Availability: No

Price Prediction: steady
Current Price Estimation

0-Day: $0-$5k, $5k-$25k, $25k-$100k, $100k-$500k
Today: $0-$5k, $5k-$25k, $25k-$100k, $100k-$500k

Countermeasures

Recommended: no mitigation known
0-Day Time: 0 days since found

Timeline

11/30/2016   CVE assigned
07/05/2017  +217 days Advisory disclosed
07/06/2017  +1 days VulDB entry created
07/06/2017  +0 days VulDB last update

Sources

Advisory: ibm.com

CVE: CVE-2017-1258 (mitre.org) (nvd.nist.org) (cvedetails.com)
