CVE-2011-4190
Title: Suse Suse Linux Enterprise Server Cryptographic Failures
Cryptographic Failures
Proof Of Concept
No public PoC currently indexed for CVE-2011-4190.
CWE Category
CWE-310
Published Date
Jun 08, 2018
Modified Date
Nov 21, 2024
Exploit Status
Not Found
Score
5.9
CVSS v3.0
Exploit Probability (EPSS)
0.22%
Vulnerability Summary
CVE-2011-4190: The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).
CVSS v3.0
Source Entity
[email protected]
Severity
MEDIUM
5.9
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v3.0
Source Entity
[email protected]
Severity
MEDIUM
5.3
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
Source Entity
[email protected]
Severity
LOW
3.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:M/Au:S/C:P/I:N/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2011-4190 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Stack
No specific products linked.