CVE: CVE-2018-3825

Export to Word

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00129
Percentile: 0.33272

CVSS Scoring

CVSS v3.0 Score: 5.9

Severity: MEDIUM

Mapped CWE(s)

CWE-1188 : Initialization of a Resource with an Insecure Default
CWE-321 : Use of Hard-coded Cryptographic Key

All CAPEC(s)

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

CAPEC(s) with Mapped TTPs

CAPEC-665: Exploitation of Thunderbolt Protection Flaws
Mapped TTPs:
- T1211 : Exploitation for Defense Evasion
- T1542.002 : Component Firmware
- T1556 : Modify Authentication Process

Mapped ATT&CK TTPs

T1211 : Exploitation for Defense Evasion
Kill Chain: defense-evasion
T1542.002 : Component Firmware
Kill Chain: persistence
T1556 : Modify Authentication Process
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

ArcaneDoor

Affected Products

cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*

← Back to Home