CVE-2018-7268
MEDIUMMagniComp SysInfo < 10-h81 - Unauthenticated Exposure of Sensitive Information via Local File Read
Title source: llmDescription
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/542024/100/0/threaded
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/147687/MagniComp-SysInfo-Information-Exposure.html
Scores
CVSS v3
5.5
EPSS
0.0055
EPSS Percentile
42.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
magnicomp/sysinfo
< 10-h81
Published
May 21, 2018
Tracked Since
Feb 18, 2026