VYPR
Unrated severity · NVD Advisory · Published Feb 27, 2019 · Updated Sep 16, 2024

CVE-2018-1775


Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated users can download arbitrary OS files via the Service Assistant GUI in IBM SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem products versions 7.5 through 8.2.

Vulnerability

CVE-2018-1775 exists in the Service Assistant GUI component of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud, and IBM FlashSystem V9000 and 9100 family products [1]. All products running versions 7.5 through 8.2 are affected [1]. The vulnerability allows an authenticated user to download arbitrary files from the operating system of the device [1].

Exploitation

An attacker must have valid authentication credentials for the system [1]. No special network position is required beyond network access to the Service Assistant GUI (the CVSS vector indicates the attack vector is network-based) [1]. With those credentials, the attacker can craft requests to the Service Assistant GUI that result in downloading files outside of intended directories, such as system configuration files or other sensitive data [1].

Impact

A successful exploit results in high confidentiality impact to the system [1]. The attacker can read arbitrary files from the operating system, potentially including passwords, cryptographic keys, configuration data, or other secrets [1]. There is no impact to integrity or availability [1].

Mitigation

IBM has not released a specific patch version for this vulnerability; the advisory recommends upgrading to a supported, fixed version of code [1]. For unsupported versions, upgrading to a supported version is the recommended remediation [1]. As a workaround, IBM suggests ensuring that all users with access to the system are authenticated by an additional security system such as a firewall, although this only mitigates and does not eliminate the risk [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 12

Patches: 0. No patches discovered yet.


References: 3
