CVE-2018-8902
First published: Fri Jun 29 2018(Updated: )
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Avalanche | >=5.3<=6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Ivanti Avalanche issue?
The vulnerability ID for this Ivanti Avalanche issue is CVE-2018-8902.
What is the severity of CVE-2018-8902?
The severity of CVE-2018-8902 is medium with a CVSS score of 6.5.
Which versions of Ivanti Avalanche are affected by CVE-2018-8902?
CVE-2018-8902 affects all versions of Ivanti Avalanche between 5.3 and 6.2.
How does CVE-2018-8902 impact the affected products?
CVE-2018-8902 allows a user with access to system databases to use the discovered key to access potentially confidential stored data in the affected products.
Is there a fix available for CVE-2018-8902?
To fix CVE-2018-8902, it is recommended to apply the latest security update or patch provided by Ivanti.
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/severity
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/ivanti
- canonical/ivanti avalanche
- version/ivanti avalanche/5.3
- version/ivanti avalanche/6.2