Vulnerability Details CVE-2018-16738
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v3 Score 3.7
CVSS v2 Score 4.3
References
- http://tinc-vpn.org/security/
- http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
- https://www.debian.org/security/2018/dsa-4312
- https://www.starwindsoftware.com/security/sw-20190227-0002/
- http://tinc-vpn.org/security/
- http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
- https://www.debian.org/security/2018/dsa-4312
- https://www.starwindsoftware.com/security/sw-20190227-0002/
Products affected by CVE-2018-16738
-
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8
-
cpe:2.3:a:tinc-vpn:tinc:1.0.30
-
cpe:2.3:a:tinc-vpn:tinc:1.0.31
-
cpe:2.3:a:tinc-vpn:tinc:1.0.32
-
cpe:2.3:a:tinc-vpn:tinc:1.0.33
-
cpe:2.3:a:tinc-vpn:tinc:1.0.34
-
cpe:2.3:o:debian:debian_linux:9.0