
Vulnerability Details CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 6.8
Products affected by CVE-2018-16886
  • Etcd » Etcd » Version: 3.2.0
    cpe:2.3:a:etcd:etcd:3.2.0
  • Etcd » Etcd » Version: 3.2.1
    cpe:2.3:a:etcd:etcd:3.2.1
  • Etcd » Etcd » Version: 3.2.10
    cpe:2.3:a:etcd:etcd:3.2.10
  • Etcd » Etcd » Version: 3.2.11
    cpe:2.3:a:etcd:etcd:3.2.11
  • Etcd » Etcd » Version: 3.2.12
    cpe:2.3:a:etcd:etcd:3.2.12
  • Etcd » Etcd » Version: 3.2.13
    cpe:2.3:a:etcd:etcd:3.2.13
  • Etcd » Etcd » Version: 3.2.14
    cpe:2.3:a:etcd:etcd:3.2.14
  • Etcd » Etcd » Version: 3.2.15
    cpe:2.3:a:etcd:etcd:3.2.15
  • Etcd » Etcd » Version: 3.2.16
    cpe:2.3:a:etcd:etcd:3.2.16
  • Etcd » Etcd » Version: 3.2.17
    cpe:2.3:a:etcd:etcd:3.2.17
  • Etcd » Etcd » Version: 3.2.18
    cpe:2.3:a:etcd:etcd:3.2.18
  • Etcd » Etcd » Version: 3.2.19
    cpe:2.3:a:etcd:etcd:3.2.19
  • Etcd » Etcd » Version: 3.2.2
    cpe:2.3:a:etcd:etcd:3.2.2
  • Etcd » Etcd » Version: 3.2.20
    cpe:2.3:a:etcd:etcd:3.2.20
  • Etcd » Etcd » Version: 3.2.21
    cpe:2.3:a:etcd:etcd:3.2.21
  • Etcd » Etcd » Version: 3.2.22
    cpe:2.3:a:etcd:etcd:3.2.22
  • Etcd » Etcd » Version: 3.2.23
    cpe:2.3:a:etcd:etcd:3.2.23
  • Etcd » Etcd » Version: 3.2.24
    cpe:2.3:a:etcd:etcd:3.2.24
  • Etcd » Etcd » Version: 3.2.25
    cpe:2.3:a:etcd:etcd:3.2.25
  • Etcd » Etcd » Version: 3.2.3
    cpe:2.3:a:etcd:etcd:3.2.3
  • Etcd » Etcd » Version: 3.2.4
    cpe:2.3:a:etcd:etcd:3.2.4
  • Etcd » Etcd » Version: 3.2.5
    cpe:2.3:a:etcd:etcd:3.2.5
  • Etcd » Etcd » Version: 3.2.6
    cpe:2.3:a:etcd:etcd:3.2.6
  • Etcd » Etcd » Version: 3.2.7
    cpe:2.3:a:etcd:etcd:3.2.7
  • Etcd » Etcd » Version: 3.2.8
    cpe:2.3:a:etcd:etcd:3.2.8
  • Etcd » Etcd » Version: 3.2.9
    cpe:2.3:a:etcd:etcd:3.2.9
  • Etcd » Etcd » Version: 3.3.0
    cpe:2.3:a:etcd:etcd:3.3.0
  • Etcd » Etcd » Version: 3.3.1
    cpe:2.3:a:etcd:etcd:3.3.1
  • Etcd » Etcd » Version: 3.3.10
    cpe:2.3:a:etcd:etcd:3.3.10
  • Etcd » Etcd » Version: 3.3.2
    cpe:2.3:a:etcd:etcd:3.3.2
  • Etcd » Etcd » Version: 3.3.3
    cpe:2.3:a:etcd:etcd:3.3.3
  • Etcd » Etcd » Version: 3.3.4
    cpe:2.3:a:etcd:etcd:3.3.4
  • Etcd » Etcd » Version: 3.3.5
    cpe:2.3:a:etcd:etcd:3.3.5
  • Etcd » Etcd » Version: 3.3.6
    cpe:2.3:a:etcd:etcd:3.3.6
  • Etcd » Etcd » Version: 3.3.7
    cpe:2.3:a:etcd:etcd:3.3.7
  • Etcd » Etcd » Version: 3.3.8
    cpe:2.3:a:etcd:etcd:3.3.8
  • Etcd » Etcd » Version: 3.3.9
    cpe:2.3:a:etcd:etcd:3.3.9
  • Fedoraproject » Fedora » Version: 30
    cpe:2.3:o:fedoraproject:fedora:30
  • Redhat » Enterprise Linux Desktop » Version: 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Redhat » Enterprise Linux Server » Version: 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Redhat » Enterprise Linux Workstation » Version: 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

