CVE-2018-6695

SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
trellixCNA
6.1 MEDIUM
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
mcafeethreat_intelligence_exchange_server
2.0.0 ≤
𝑥
≤ 2.0.1
mcafeethreat_intelligence_exchange_server
2.1.0 ≤
𝑥
≤ 2.1.1
mcafeethreat_intelligence_exchange_server
1.3.0
mcafeethreat_intelligence_exchange_server
2.2.0
𝑥
= Vulnerable software versions
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10253
https://kc.mcafee.com/corporate/index?page=content&id=SB10253