CVE-2018-11338

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable.

Intuit Lacerte 2017 para Windows en un entorno cliente/servidor transfiere la lista completa de clientes en texto claro por SMB, lo que permite que los atacantes (1) obtengan información sensible rastreando la web o (2) lleven a cabo ataques Man-in-the-Middle (MitM) mediante vectores sin especificar. La lista de clientes contiene, de cada cliente, el nombre completo, número de la Seguridad Social (SSN), dirección, puesto de trabajo, número de teléfono, dirección de email, teléfono/email del cónyuge, además de otro tipo de información sensible. Una vez el software cliente se autentica en la base de datos del servidor, el servidor envía la lista de clientes. No se necesita más explotación, ya que se exponen todos los datos sensibles. La vulnerabilidad fue validada en Intuit Lacerte 2017, aunque otras versiones de Lacerte podrían ser también vulnerables.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-05-21 CVE Reserved
2018-07-31 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC

References (2)

URL	Tag	Source
https://corporateblue.com/your-taxes-are-being-leaked	Third Party Advisory
https://www.themikewylie.com/intuit-lacerte-vulnerability-and-data-exposure-cve-2018-11338-cve-2018-14833	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Intuit Search vendor "Intuit"		Lacerte Search vendor "Intuit" for product "Lacerte"				<= 2017 Search vendor "Intuit" for product "Lacerte" and version " <= 2017"		windows		Affected