Micro Focus Client for OES prior 2 SP4 IR8a ncfsd.sys memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.9 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Micro Focus Client for OES. This affects an unknown function in the library ncfsd.sys. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2018-7687. An attack has to be approached locally. There is no exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Micro Focus Client for OES and classified as problematic. This issue affects an unknown functionality in the library ncfsd.sys. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
The bug was discovered 05/22/2018. The weakness was shared 05/21/2018 (Website). The advisory is shared at bugzilla.novell.com. The identification of this vulnerability is CVE-2018-7687 since 03/05/2018. The exploitation is known to be easy. An attack has to be approached locally. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available.
Upgrading to version 2 SP4 IR8a eliminates this vulnerability.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
License
Website
- Vendor: https://www.microfocus.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.0VulDB Meta Temp Score: 6.9
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 7.8
CNA Vector (SUSE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Upgrade: Client for OES 2 SP4 IR8a
Timeline
03/05/2018 🔍05/21/2018 🔍
05/21/2018 🔍
05/22/2018 🔍
05/22/2018 🔍
03/14/2023 🔍
Sources
Vendor: microfocus.comAdvisory: bugzilla.novell.com
Status: Not defined
CVE: CVE-2018-7687 (🔍)
GCVE (CVE): GCVE-0-2018-7687
GCVE (VulDB): GCVE-100-118049
Entry
Created: 05/22/2018 08:53Updated: 03/14/2023 14:37
Changes: 05/22/2018 08:53 (56), 02/07/2020 19:11 (1), 03/14/2023 14:37 (14)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.