OpenSSL ChangeCipherSpec Dashboard

by Michael Willison
June 6, 2014

As new threats emerge in networks, SecurityCenter customers are able to properly identify risk. This dashboard identifies systems vulnerable to the new OpenSSL ChangeCipherSpec vulnerability.  The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard can be easily located in the SecurityCenter Feed by selecting category Security Industry Trends, and then selecting tags SSL and Vulnerabilities. The dashboard requirements are: 

  • SecurityCenter 4.8.1
  • Nessus 5.2.6
  • LCE 4.2.2
  • PVS 4.0.2

This dashboard provides SecurityCenter customers with a good summary of the new vulnerabilities recently discovered within OpenSSL.  There are six CVEs related to this new vulnerability. They are:

  • CVE-2014-0224 - SSL/TLS MITM Vulnerability
  • CVE-2014-0221 - DTLS recursion flaw
  • CVE-2014-0195 - DTLS invalid fragment vulnerability
  • CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
  • CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection
  • CVE-2014-3470 - Anonymous ECDH Denial of Service

This dashboard contains four components, three of which focus on the six CVEs related to the OpenSSL ChangeCipherSpec vulnerability. The remaining component focuses on OpenSSL vulnerabilities.

OpenSSL ChangeCipherSpec - Indicators: This component provides an overview of OpenSSL vulnerabilities and the related ChangeCipherSpec vulnerabilities.  There are three columns, one for each vulnerability type (active, passive, event).  Each column has an indicator for the six CVEs related to OpenSSL ChangeCipherSpec vulnerability, and one indicator for all OpenSSL related vulnerabilities.  The active and passive indicators will turn red, signifying immediate action should be taken, while the event vulnerabilities are orange and signify that administrators should investigate the true severity of the event.

OpenSSL ChangeCipherSpec - Vulnerable Hosts: This component provides a table of all the systems vulnerable to the six CVEs related to OpenSSL ChangeCipherSpec.

OpenSSL ChangeCipherSpec - Subnet Summary: This component provides a chart showing the count per subnet of all the systems vulnerable to the six CVEs related to OpenSSL ChangeCipherSpec.

OpenSSL ChangeCipherSpec - OpenSSL Vulnerability 7 Day Trends: This component provides a chart showing a 7 day trend analysis of systems with OpenSSL vulnerabilities, with a separate trend line for each plugin type.