CVE-2018-12551

Published: 27/03/2019 Updated: 28/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in Eclipse Mosquitto could allow an authenticated, remote malicious user to bypass authentication restrictions on a targeted system. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An attacker could exploit this vulnerability by configuring a password file for authentication with malformed data that becomes a valid username without a password on the targeted system. A successful exploit could allow the malicious user to bypass authentication restrictions on the targeted system. Eclipse has confirmed the vulnerability and released software updates.
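
A defensive check for the condition described above, added here as an example that is not part of the original advisory or of the Mosquitto project: it audits a password file and reports every line that is not a well-formed entry. The `username:$6$salt$hash` layout, the function name `audit_password_file` and the sample lines are assumptions constructed for illustration.

```python
import re
import sys

# Assumed well-formed entry layout: username:$6$<base64 salt>$<base64 hash>
ENTRY_RE = re.compile(r"^[^:]+:\$6\$[A-Za-z0-9+/]+={0,2}\$[A-Za-z0-9+/]+={0,2}$")

# Constructed sample file: one valid entry followed by three malformed ones.
SAMPLE = (
    "alice:$6$c2FsdHNhbHRzYWx0$aGFzaGhhc2hoYXNoaGFzaA==\n"
    "bob\n"
    "carol:\n"
    "dave:plaintext\n"
)

def audit_password_file(text):
    """Return (line_number, reason) for every line that needs review."""
    findings = []
    seen = set()
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip("\r")
        if not line.strip():
            continue  # empty lines carry no entry
        username, sep, secret = line.partition(":")
        if not sep:
            findings.append((number, "no ':' separator, so no password field"))
        elif not username:
            findings.append((number, "empty username"))
        elif not secret:
            findings.append((number, "empty password field"))
        elif not ENTRY_RE.match(line):
            findings.append((number, "password field is not a $6$salt$hash value"))
        elif username in seen:
            findings.append((number, "duplicate username"))
        seen.add(username)
    return findings

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE
    results = audit_password_file(content)
    for number, reason in results:
        print(f"line {number}: {reason}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one line should be reviewed before the broker loads the file.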

Affected Products

Vendor: Eclipse
Product: Mosquitto
Versions: 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.90, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5

Vendor Advisories

Debian Bug report logs - #921976
mosquitto: CVE-2018-12546 CVE-2018-12550 CVE-2018-12551
Package: src:mosquitto; Maintainer for src:mosquitto is Roger A Light <roger@atchoo.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 10 Feb 2019 19:57:01 UTC
Severity: grave
Tags: security, upstream
Found ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4388-1 security () debian org
www.debian.org/security/ Moritz Muehlenhoff
February 10, 2019 www.debian.org/security/faq
...