CVE-2018-1383
affected fileset is bos.cluster.rte, so this should be within the CAA subsystem. Probably something with guessing cluster and node id and then impersonating another node. The kind of "exploit" which only works if you already have extensive knowledge, priviledge and time within the network on your hand.