CVE CVE-2018-11045 Mappings

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2018-11045 Pivotal Operations Manager primary_impact T1078 Valid Accounts
CVE-2018-11045 Pivotal Operations Manager exploitation_technique T1110 Brute Force