Vulnerability Description
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Redhat | Ceph Storage | 2.0 |
| Redhat | Ceph-Iscsi-Cli | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105434Third Party AdvisoryVDB Entry
- https://access.redhat.com/articles/3623521MitigationPatchVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2837Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2838Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649Issue TrackingVendor Advisory
- https://github.com/ceph/ceph-iscsi-cli/issues/120ExploitThird Party Advisory
- https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7PatchVendor Advisory
- http://www.securityfocus.com/bid/105434Third Party AdvisoryVDB Entry
- https://access.redhat.com/articles/3623521MitigationPatchVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2837Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2838Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649Issue TrackingVendor Advisory
- https://github.com/ceph/ceph-iscsi-cli/issues/120ExploitThird Party Advisory
- https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7PatchVendor Advisory
FAQ
What is CVE-2018-14649?
CVE-2018-14649 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api prov...
How severe is CVE-2018-14649?
CVE-2018-14649 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-14649?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Redhat Ceph Storage, Redhat Ceph-Iscsi-Cli.