CVE-2018-7268

MEDIUM

MagniComp SysInfo < 10-h81 - Unauthenticated Exposure of Sensitive Information via Local File Read

Title source: llm
STIX 2.1

Description

MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/542024/100/0/threaded

Scores

CVSS v3 5.5
EPSS 0.0055
EPSS Percentile 42.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
magnicomp/sysinfo < 10-h81
Published May 21, 2018
Tracked Since Feb 18, 2026