Sign-up

ID

VAR-201810-0111


CVE

CVE-2018-15766


TITLE

Dell Encryption and Endpoint Security Suite Enterprise Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-013665

DESCRIPTION

On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified. An attacker could exploit this vulnerability to compromise an affected system

Trust: 1.71

sources: NVD: CVE-2018-15766 // JVNDB: JVNDB-2018-013665 // VULHUB: VHN-126058

AFFECTED PRODUCTS

vendor:dellmodel:endpoint security suite enterprisescope:ltversion:2.0.1

Trust: 1.8

vendor:dellmodel:encryptionscope:ltversion:10.0.1

Trust: 1.0

vendor:dellmodel:encryption enterprisescope:ltversion:10.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2018-013665 // NVD: CVE-2018-15766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15766
value: HIGH

Trust: 1.0

NVD: CVE-2018-15766
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-560
value: HIGH

Trust: 0.6

VULHUB: VHN-126058
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15766
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126058
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15766
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126058 // JVNDB: JVNDB-2018-013665 // CNNVD: CNNVD-201810-560 // NVD: CVE-2018-15766

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.1

problemtype:CWE-254

Trust: 0.8

sources: VULHUB: VHN-126058 // JVNDB: JVNDB-2018-013665 // NVD: CVE-2018-15766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-560

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201810-560

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013665

PATCH
title:Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerabilityurl:https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en
Trust: 0.8
title:Dell Encryption  and Endpoint Security Suite Enterprise Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85682
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013665 // 
            
            
            
            CNNVD: CNNVD-201810-560

EXTERNAL IDS
db:NVDid:CVE-2018-15766
Trust: 2.5
db:JVNDBid:JVNDB-2018-013665
Trust: 0.8
db:CNNVDid:CNNVD-201810-560
Trust: 0.7
db:VULHUBid:VHN-126058
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126058 // 
            
            
            
            JVNDB: JVNDB-2018-013665 // 
            
            
            
            CNNVD: CNNVD-201810-560 // 
            
            
            
            NVD: CVE-2018-15766

REFERENCES
url:https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15766
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15766
Trust: 0.8
sources:
            
            
            VULHUB: VHN-126058 // 
            
            
            
            JVNDB: JVNDB-2018-013665 // 
            
            
            
            CNNVD: CNNVD-201810-560 // 
            
            
            
            NVD: CVE-2018-15766

SOURCES
db:VULHUBid:VHN-126058
db:JVNDBid:JVNDB-2018-013665
db:CNNVDid:CNNVD-201810-560
db:NVDid:CVE-2018-15766

LAST UPDATE DATE
2024-11-23T22:21:55.402000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-126058date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-013665date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-560date:2020-10-23T00:00:00
db:NVDid:CVE-2018-15766date:2024-11-21T03:51:25.820

SOURCES RELEASE DATE
db:VULHUBid:VHN-126058date:2018-10-11T00:00:00
db:JVNDBid:JVNDB-2018-013665date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-560date:2018-10-12T00:00:00
db:NVDid:CVE-2018-15766date:2018-10-11T19:29:00.230