Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OpenSSL ChangeCipherSpec Dashboard

by Michael Willison
June 6, 2014

As new threats emerge in networks, SecurityCenter customers are able to properly identify risk. This dashboard identifies systems vulnerable to the new OpenSSL ChangeCipherSpec vulnerability.  The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Security Industry Trends.

The dashboard requirements are:

  • SecurityCenter 4.8.1
  • Nessus 5.2.6
  • LCE 4.2.2
  • PVS 4.0.2

This dashboard provides SecurityCenter customers with a good summary of the new vulnerabilities recently discovered within OpenSSL.  There are six CVEs related to this new vulnerability. They are:

  • CVE-2014-0224 - SSL/TLS MITM Vulnerability
  • CVE-2014-0221 - DTLS recursion flaw
  • CVE-2014-0195 - DTLS invalid fragment vulnerability
  • CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
  • CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection
  • CVE-2014-3470 - Anonymous ECDH Denial of Service

This dashboard contains four components, three of which focus on the six CVEs related to the OpenSSL ChangeCipherSpec vulnerability. The remaining component focuses on OpenSSL vulnerabilities.

OpenSSL ChangeCipherSpec - Indicators: This component provides an overview of OpenSSL vulnerabilities and the related ChangeCipherSpec vulnerabilities.  There are three columns, one for each vulnerability type (active, passive, event).  Each column has an indicator for the six CVEs related to OpenSSL ChangeCipherSpec vulnerability, and one indicator for all OpenSSL related vulnerabilities.  The active and passive indicators will turn red, signifying immediate action should be taken, while the event vulnerabilities are orange and signify that administrators should investigate the true severity of the event.

OpenSSL ChangeCipherSpec - Vulnerable Hosts: This component provides a table of all the systems vulnerable to the six CVEs related to OpenSSL ChangeCipherSpec.

OpenSSL ChangeCipherSpec - Subnet Summary: This component provides a chart showing the count per subnet of all the systems vulnerable to the six CVEs related to OpenSSL ChangeCipherSpec.

OpenSSL ChangeCipherSpec - OpenSSL Vulnerability 7 Day Trends: This component provides a chart showing a 7 day trend analysis of systems with OpenSSL vulnerabilities, with a separate trend line for each plugin type.