A vulnerability was found in Elastic Cloud Enterprise up to 1.1.3 (Cloud Software). It has been classified as critical. Affected is an unknown function of the component Master Encryption Key. The manipulation with an unknown input leads to a cryptographic issues vulnerability. CWE is classifying the issue as CWE-310. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

The bug was discovered 06/13/2018. The weakness was presented 09/19/2018 (Website). The advisory is available at discuss.elastic.co. This vulnerability is traded as CVE-2018-3825 since 01/01/2018. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1600 by the MITRE ATT&CK project.

The vulnerability was handled as a non-public zero-day exploit for at least 98 days. During that time the estimated underground price was around $0-$5k.

Upgrading to version 1.1.4 eliminates this vulnerability.

Productinfo

Type

• Cloud Software

Name

• Elastic Cloud Enterprise

Version

• 1.1.0
• 1.1.1
• 1.1.2
• 1.1.3

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion