CVE-2017-8444 - Cryptographic Issues vulnerability in Elasticsearch Cloud Enterprise 1.0.0/1.0.1

Publication

2017-09-29

Last modification

2017-10-10

Summary

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

Classification

CWE-310 - Cryptographic Issues

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:N/A:N)

Medium

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Elasticsearch Cloud Enterprise  1.0.1 , 1.0.0