There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).

The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following:

  - OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt()     function within implementation of the SM2 decryption. By sending specially crafted SM2 content, a remote     attacker could overflow a buffer and execute arbitrary code on the system or cause the application to     crash. (CVE-2021-3711)

  - Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution     in the mapValues() method. By persuading a victim to open a specially-crafted file, an attacker could     exploit this vulnerability to execute arbitrary code on the system.
    (CVE-2021-43138)

  - Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper     input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL     request containing 'dot dot' sequences (/../) to view arbitrary files on the system.
    (CVE-2021-29425)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202210-02 (OpenSSL: Multiple Vulnerabilities)

  - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to     compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In     such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent     over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across     multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites.
    This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL     1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v). (CVE-2020-1968)

  - In order to decrypt SM2 encrypted data an application is expected to call the API function     EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the     out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size     required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer     and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug     in the implementation of the SM2 decryption code means that the calculation of the buffer size required to     hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size     required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the     application a second time with a buffer that is too small. A malicious attacker who is able present SM2     content for decryption to an application could cause attacker chosen data to overflow the buffer by up to     a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing     application behaviour or causing the application to crash. The location of the buffer is application     dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
    (CVE-2021-3711)

  - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a     buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings     which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not     a strict requirement, ASN.1 strings that are parsed using OpenSSL's own d2i functions (and other similar     parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will     additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for     applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array     by directly setting the data and length fields in the ASN1_STRING array. This can also happen by using     the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to     assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for     strings that have been directly constructed. Where an application requests an ASN.1 structure to be     printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the     application without NUL terminating the data field, then a read buffer overrun can occur. The same thing     can also occur during name constraints processing of certificates (for example if a certificate has been     directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the     certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the     X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an     application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL     functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack).
    It could also result in the disclosure of private memory contents (such as private keys, or sensitive     plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected     1.0.2-1.0.2y). (CVE-2021-3712)

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-     dev (Affected 1.0.2-1.0.2zb). (CVE-2021-4160)

  - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop     forever for non-prime moduli. Internally this function is used when parsing certificates that contain     elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point     encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has     invalid explicit curve parameters. Since certificate parsing happens prior to verification of the     certificate signature, any process that parses an externally supplied certificate may thus be subject to a     denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they     can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients     consuming server certificates - TLS servers consuming client certificates - Hosting providers taking     certificates or private keys from customers - Certificate authorities parsing certification requests from     subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that     use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS     issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate     which makes it slightly harder to trigger the infinite loop. However any operation which requires the     public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-     signed certificate to trigger the loop during verification of the certificate signature. This issue     affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the     15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected     1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)

  - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This     script is distributed by some operating systems in a manner where it is automatically executed. On such     operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of     the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
    Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
    Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)

  - The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the     memory occuppied by the removed hash table entries. This function is used when decoding certificates or     keys. If a long lived process periodically decodes certificates or keys its memory usage will expand     without bounds and the process might be terminated by the operating system causing a denial of service.
    Also traversing the empty hash table entries will take increasingly more time. Typically such long lived     processes might be TLS clients or TLS servers configured to accept client certificate authentication. The     function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in     OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). (CVE-2022-1473)

  - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt     the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was     preexisting in the memory that wasn't written. In the special case of in place encryption, sixteen bytes     of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and     DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q     (Affected 1.1.1-1.1.1p). (CVE-2022-2097)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-     dev (Affected 1.0.2-1.0.2zb). (CVE-2021-4160)

  - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop     forever for non-prime moduli. Internally this function is used when parsing certificates that contain     elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point     encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has     invalid explicit curve parameters. Since certificate parsing happens prior to verification of the     certificate signature, any process that parses an externally supplied certificate may thus be subject to a     denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they     can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients     consuming server certificates - TLS servers consuming client certificates - Hosting providers taking     certificates or private keys from customers - Certificate authorities parsing certification requests from     subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that     use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS     issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate     which makes it slightly harder to trigger the infinite loop. However any operation which requires the     public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-     signed certificate to trigger the loop during verification of the certificate signature. This issue     affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the     15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected     1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Nessus Network Monitor (NNM) installed on the remote host is prior to 6.0.1. It is, therefore, affected by multiple vulnerabilities in third-party software.

  Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported   version number.

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-     dev (Affected 1.0.2-1.0.2zb). (CVE-2021-4160)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-     dev (Affected 1.0.2-1.0.2zb). (CVE-2021-4160)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5103 advisory.

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-     dev (Affected 1.0.2-1.0.2zb). (CVE-2021-4160)

  - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop     forever for non-prime moduli. Internally this function is used when parsing certificates that contain     elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point     encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has     invalid explicit curve parameters. Since certificate parsing happens prior to verification of the     certificate signature, any process that parses an externally supplied certificate may thus be subject to a     denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they     can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients     consuming server certificates - TLS servers consuming client certificates - Hosting providers taking     certificates or private keys from customers - Certificate authorities parsing certification requests from     subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that     use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS     issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate     which makes it slightly harder to trigger the infinite loop. However any operation which requires the     public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-     signed certificate to trigger the loop during verification of the certificate signature. This issue     affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the     15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected     1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1aaaa5c6-804d-11ec-8be6-d4c9ef517024 advisory.

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-     dev (Affected 1.0.2-1.0.2zb). (CVE-2021-4160)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 1.0.2zc-dev. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zc-dev advisory.

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-     dev (Affected 1.0.2-1.0.2zb). (CVE-2021-4160)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 1.1.1m. It is, therefore, affected by a vulnerability as referenced in the 1.1.1m advisory.

  - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are     affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the     pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that     attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not     believed likely. Attacks against DH are considered just feasible (although very difficult) because most of     the work necessary to deduce information about a private key may be performed offline. The amount of     resources required for such an attack would be significant. However, for an attack on TLS to be     meaningful, the server would have to share the DH private key among multiple clients, which is no longer     an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was     addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is     addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made     available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in     OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). (CVE-2021-4160)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.0.1. It is, therefore, affected by a vulnerability as referenced in the 3.0.1 advisory.

  - Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied     by a server. That function may return a negative return value to indicate an internal error (for example     out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such     as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error()     to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by     OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most     applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be     totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend     on the application but it could result in crashes, infinite loops or other similar incorrect responses.
    This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause     X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur     where a certificate does not include the Subject Alternative Name extension but where a Certificate     Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two     issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1     (Affected 3.0.0). (CVE-2021-4044)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
166606	IBM Cognos Analytics Multiple Vulnerabilities (6828527)	Nessus	CGI abuses	critical
166162	GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
163137	EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2022-2060)	Nessus	Huawei Local Security Checks	medium
163134	EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-2032)	Nessus	Huawei Local Security Checks	medium
161211	Nessus Network Monitor < 6.0.1 Multiple Vulnerabilities (TNS-2022-10)	Nessus	Misc.	critical
160675	EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-1663)	Nessus	Huawei Local Security Checks	medium
160645	EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-1649)	Nessus	Huawei Local Security Checks	medium
160603	EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2022-1612)	Nessus	Huawei Local Security Checks	medium
160590	EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2022-1635)	Nessus	Huawei Local Security Checks	medium
159797	EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-1434)	Nessus	Huawei Local Security Checks	medium
159774	EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-1455)	Nessus	Huawei Local Security Checks	medium
158979	Debian DSA-5103-1 : openssl - security update	Nessus	Debian Local Security Checks	medium
157237	FreeBSD : OpenSSL -- BN_mod_exp incorrect results on MIPS (1aaaa5c6-804d-11ec-8be6-d4c9ef517024)	Nessus	FreeBSD Local Security Checks	medium
157231	OpenSSL 1.0.2 < 1.0.2zc-dev Vulnerability	Nessus	Web Servers	medium
157228	OpenSSL 1.1.1 < 1.1.1m Vulnerability	Nessus	Web Servers	medium
156100	OpenSSL 3.0.0 < 3.0.1 Vulnerability	Nessus	Web Servers	medium

Detections

Analytics

CVE-2021-4160

medium

Tenable Plugins

critical

critical

medium

medium

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium