CVE-2017-3737

medium

Description

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake, OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()); however, due to a bug, it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails, a fatal error is returned in the initial function call. If the application subsequently calls SSL_read()/SSL_write() for the same SSL object, the call succeeds and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. To exploit this issue, an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after a fatal error had already been received. OpenSSL versions 1.0.2b through 1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
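
An added example (not part of the original advisory or of OpenSSL): a Python triage helper that applies the upstream range given above (1.0.2b through 1.0.2m affected, fixed in 1.0.2n) to version banners. The host names and inventory are constructed, and the result reflects the upstream version letter only, so distribution packages that backport the fix under an older letter must be checked against the vendor advisory instead.

```python
import re

# Upstream range stated in the description above: 1.0.2b through 1.0.2m.
BRANCH = (1, 0, 2)
FIRST_AFFECTED, LAST_AFFECTED = "b", "m"

# Matches "1.0.2k" inside banners such as "OpenSSL 1.0.2k-fips  26 Jan 2017".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z0-9.])")


def parse_openssl_version(text):
    """Return (major, minor, fix, letters) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def _letter_key(letters):
    # Patch letters order as "", a..z, za, zb, ...; sort by length, then text.
    return (len(letters), letters)


def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for CVE-2017-3737."""
    parsed = parse_openssl_version(text)
    if parsed is None:
        return "unknown"
    *branch, letters = parsed
    if tuple(branch) != BRANCH:
        return "not-affected"  # outside the 1.0.2 branch, e.g. 1.1.0
    in_range = _letter_key(FIRST_AFFECTED) <= _letter_key(letters) <= _letter_key(LAST_AFFECTED)
    return "affected" if in_range else "not-affected"


def triage(inventory):
    """Map each host to its classification; input is {host: version banner}."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not data from the page).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "web-02": "OpenSSL 1.0.2n  7 Dec 2017",
    "db-01": "OpenSSL 1.1.0g  2 Nov 2017",
    "legacy-01": "OpenSSL 1.0.2a 19 Mar 2015",
    "appliance-01": "version string unavailable",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```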

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/102103

http://www.securitytracker.com/id/1039978

https://access.redhat.com/errata/RHSA-2018:0998

https://access.redhat.com/errata/RHSA-2018:2185

https://access.redhat.com/errata/RHSA-2018:2186

https://access.redhat.com/errata/RHSA-2018:2187

https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf

https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc

https://security.gentoo.org/glsa/201712-03

https://security.netapp.com/advisory/ntap-20171208-0001/

https://security.netapp.com/advisory/ntap-20180117-0002/

https://security.netapp.com/advisory/ntap-20180419-0002/

https://www.debian.org/security/2017/dsa-4065

https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/

https://www.openssl.org/news/secadv/20171207.txt

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.tenable.com/security/tns-2017-16

Details

Source: MITRE

Published: 2017-12-07

Updated: 2019-10-03

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127201 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033) | Nessus | NewStart CGSL Local Security Checks | critical |
| 124999 | EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546) | Nessus | Huawei Local Security Checks | high |
| 700625 | MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (January 2018 CPU) | Nessus Network Monitor | Database | high |
| 700620 | MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (January 2018 CPU) | Nessus Network Monitor | Database | high |
| 700523 | OpenSSL 1.0.x < 1.0.2n DoS | Nessus Network Monitor | Web Servers | low |
| 121905 | Photon OS 2.0: Openssl PHSA-2018-2.0-0010-(a) | Nessus | PhotonOS Local Security Checks | medium |
| 121796 | Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a) | Nessus | PhotonOS Local Security Checks | medium |
| 120014 | SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:0293-1) | Nessus | SuSE Local Security Checks | critical |
| 120012 | SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0002-1) | Nessus | SuSE Local Security Checks | critical |
| 111908 | Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a) (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
| 111600 | MySQL Enterprise Monitor 3.3.x < 3.3.9.3339 / 3.4.x < 3.4.7.4296 / 4.0.x < 4.0.4.5233 Multiple Vulnerabilities (April 2018 CPU) | Nessus | CGI abuses | high |
| 111279 | Photon OS 2.0 : openssl (PhotonOS-PHSA-2018-2.0-0010-(a)) (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
| 111147 | RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 (RHSA-2018:2186) | Nessus | Red Hat Local Security Checks | critical |
| 111146 | RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 (RHSA-2018:2185) | Nessus | Red Hat Local Security Checks | critical |
| 110843 | EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1179) | Nessus | Huawei Local Security Checks | medium |
| 109698 | Amazon Linux AMI : openssl (ALAS-2018-1016) | Nessus | Amazon Linux Local Security Checks | medium |
| 109513 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1115) | Nessus | Huawei Local Security Checks | medium |
| 109455 | Scientific Linux Security Update : openssl on SL7.x x86_64 (20180410) | Nessus | Scientific Linux Local Security Checks | medium |
| 109406 | Juniper NSM < 2012.2R14 OpenSSL Multiple Vulnerabilities (JSA10851) | Nessus | Misc. | medium |
| 109379 | CentOS 7 : openssl (CESA-2018:0998) | Nessus | CentOS Local Security Checks | medium |
| 109364 | Amazon Linux 2 : openssl (ALAS-2018-1004) | Nessus | Amazon Linux Local Security Checks | medium |
| 109294 | openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed) | Nessus | SuSE Local Security Checks | high |
| 109165 | Oracle Secure Global Desktop Multiple Vulnerabilities (April 2018 CPU) | Nessus | Misc. | high |
| 109112 | Oracle Linux 7 : openssl (ELSA-2018-0998) | Nessus | Oracle Linux Local Security Checks | medium |
| 108993 | RHEL 7 : openssl (RHSA-2018:0998) | Nessus | Red Hat Local Security Checks | medium |
| 107232 | AIX OpenSSL Advisory : openssl_advisory25.asc | Nessus | AIX Local Security Checks | medium |
| 106563 | Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities | Nessus | Misc. | medium |
| 106547 | openSUSE Security Update : nodejs6 (openSUSE-2018-116) | Nessus | SuSE Local Security Checks | critical |
| 106507 | pfSense 2.3.x < 2.3.5-p1 / 2.4.x < 2.4.2-p1 Multiple Vulnerabilities (SA-17_10 / SA-17_11) | Nessus | Firewalls | medium |
| 106359 | openSUSE Security Update : mysql-community-server (openSUSE-2018-90) | Nessus | SuSE Local Security Checks | high |
| 106102 | MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (RPM Check) (January 2018 CPU) | Nessus | Databases | medium |
| 106101 | MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (January 2018 CPU) | Nessus | Databases | medium |
| 106100 | MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (RPM Check) (January 2018 CPU) | Nessus | Databases | medium |
| 106099 | MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (January 2018 CPU) | Nessus | Databases | medium |
| 106092 | SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1) | Nessus | SuSE Local Security Checks | critical |
| 105638 | openSUSE Security Update : nodejs4 (openSUSE-2018-5) | Nessus | SuSE Local Security Checks | critical |
| 105353 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3343-1) | Nessus | SuSE Local Security Checks | medium |
| 105341 | openSUSE Security Update : openssl (openSUSE-2017-1381) | Nessus | SuSE Local Security Checks | medium |
| 105329 | Debian DSA-4065-1 : openssl1.0 - security update | Nessus | Debian Local Security Checks | medium |
| 105291 | OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 105263 | GLSA-201712-03 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 105173 | Ubuntu 16.04 LTS / 17.04 / 17.10 : openssl vulnerabilities (USN-3512-1) | Nessus | Ubuntu Local Security Checks | medium |
| 105141 | FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9f7a0f39-ddc0-11e7-b5af-a4badb2f4699) | Nessus | FreeBSD Local Security Checks | medium |
| 105113 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : openssl (SSA:2017-342-01) | Nessus | Slackware Local Security Checks | medium |
| 105090 | FreeBSD : OpenSSL -- multiple vulnerabilities (3bb451fc-db64-11e7-ac58-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |