PT-2018-17718 · Mcafee · Tie Server

Published

2018-10-03

Updated

2020-09-29

CVE-2018-6695

CVSS v3.1

6.1

Medium

Vector

AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions McAfee Threat Intelligence Exchange Server (TIE Server) versions 1.3.0, 2.0.x, 2.1.x, 2.2.0

Description The issue allows man-in-the-middle attackers to spoof servers by acquiring keys from another environment, due to a vulnerability in SSH host keys generation in the server.

Recommendations For version 1.3.0, update to a version that includes a fix for the SSH host keys generation vulnerability. For versions 2.0.x, 2.1.x, and 2.2.0, update to a version that includes a fix for the SSH host keys generation vulnerability. As a temporary workaround, consider restricting access to the SSH server to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-6695

Affected Products

Tie Server

PT-2018-17718 · Mcafee · Tie Server

CVE-2018-6695

Related Identifiers

Affected Products

References · 3