The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake.

This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.

OpenSSL 1.0.1 is known to be exploitable. OpenSSL 0.9.8 and 1.0.0 are not known to be vulnerable; however, the OpenSSL team has advised that users of these older versions upgrade as a precaution. This plugin detects and reports all versions of OpenSSL that are potentially exploitable.

Note that Nessus has only tested for an SSL/TLS MiTM vulnerability (CVE-2014-0224). However, Nessus has inferred that the OpenSSL service on the remote host is also affected by six additional vulnerabilities that were disclosed in OpenSSL's June 5th, 2014 security advisory :

  - An error exists in the 'ssl3_read_bytes' function     that permits data to be injected into other sessions     or allows denial of service attacks. Note that this     issue is exploitable only if SSL_MODE_RELEASE_BUFFERS     is enabled. (CVE-2010-5298)

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     allows nonce disclosure via the 'FLUSH+RELOAD' cache     side-channel attack. (CVE-2014-0076)

  - A buffer overflow error exists related to invalid DTLS     fragment handling that permits the execution of     arbitrary code or allows denial of service attacks.
    Note that this issue only affects OpenSSL when used     as a DTLS client or server. (CVE-2014-0195)

  - An error exists in the 'do_ssl3_write' function that     permits a NULL pointer to be dereferenced, which could     allow denial of service attacks. Note that this issue     is exploitable only if SSL_MODE_RELEASE_BUFFERS is     enabled. (CVE-2014-0198)

  - An error exists related to DTLS handshake handling that     could allow denial of service attacks. Note that this     issue only affects OpenSSL when used as a DTLS client.
    (CVE-2014-0221)

  - An error exists in the 'dtls1_get_message_fragment'     function related to anonymous ECDH cipher suites. This     could allow denial of service attacks. Note that this     issue only affects OpenSSL TLS clients. (CVE-2014-3470)

OpenSSL did not release individual patches for these vulnerabilities, instead they were all patched under a single version release. Note that the service will remain vulnerable after patching until the service or host is restarted.

The remote host appears to be running IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.3. It is, therefore, affected by the following vulnerabilities :

  - A flaw exists in the Elliptic Curve Digital Signature     Algorithm implementation which could allow a malicious     process to recover ECDSA nonces.
    (CVE-2014-0076, PI19700)

  - A denial of service flaw exists in the 'mod_log_config'     when logging a cookie with an unassigned value. A remote     attacker, using a specially crafted request, can cause     the program to crash. (CVE-2014-0098, PI13028)

  - A denial of service flaw exists within the IBM Security     Access Manager for Web with the Reverse Proxy component.
    This could allow a remote attacker, using specially     crafted TLS traffic, to cause the application on the     system to become unresponsive. (CVE-2014-0963, PI17025)

  - An information disclosure flaw exists when handling SOAP     responses. This could allow a remote attacker to     potentially gain access to sensitive information.
    (CVE-2014-0965, PI11434)

  - An information disclosure flaw exists. A remote     attacker, using a specially crafted URL, could gain     access to potentially sensitive information.
    (CVE-2014-3022, PI09594)

  - A flaw exists within the 'addFileRegistryAccount'     Virtual Member Manager SPI Admin Task, which creates     improper accounts. This could allow a remote attacker     to bypass security checks. (CVE-2014-3070, PI16765)

  - An unspecified information disclosure flaw exists. This     could allow a remote attacker access to gain sensitive     information. (CVE-2014-3083, PI17768)

  - An information disclosure flaw exists within the     'share/classes/sun/security/rsa/RSACore.java' class     related to 'RSA blinding' caused during operations using     private keys and measuring timing differences. This     could allow a remote attacker to gain information about     used keys. (CVE-2014-4244)

  - A flaw exists within the 'validateDHPublicKey' function     in the 'share/classes/sun/security/util/KeyUtil.java'     class which is triggered during the validation of     Diffie-Hellman public key parameters. This could allow a     remote attacker to recover a key. (CVE-2014-4263)

  - A flaw exists within the Load Balancer for IPv4     Dispatcher component. This could allow a remote attacker     to crash the Load Balancer. (CVE-2014-4764, PI21189)

  - A flaw exists within the Liberty Repository when     installing features. This could allow an authenticated     remote attacker to install and execute arbitrary code.
    (CVE-2014-4767, PI21284)

The remote Cisco device is running a version of NX-OS software that is affected by multiple vulnerabilities in the bundled OpenSSL library :

  - An error exists in the function 'ssl3_read_bytes'     that could allow data to be injected into other     sessions or allow denial of service attacks. Note     this issue is only exploitable if     'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     could allow nonce disclosure via the 'FLUSH+RELOAD'     cache side-channel attack. (CVE-2014-0076)

  - A buffer overflow error exists related to invalid DTLS     fragment handling that could lead to execution of     arbitrary code. Note this issue only affects OpenSSL     when used as a DTLS client or server. (CVE-2014-0195)

  - An error exists in the function 'do_ssl3_write' that     could allow a NULL pointer to be dereferenced leading     to denial of service attacks. Note this issue is     exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is     enabled. (CVE-2014-0198)

  - An error exists related to DTLS handshake handling that     could lead to denial of service attacks. Note this     issue only affects OpenSSL when used as a DTLS client.
    (CVE-2014-0221)

  - An unspecified error exists that could allow an     attacker to cause usage of weak keying material     leading to simplified man-in-the-middle attacks.
    (CVE-2014-0224)

  - An unspecified error exists related to anonymous ECDH     ciphersuites that could allow denial of service     attacks. Note this issue only affects OpenSSL TLS     clients. (CVE-2014-3470)

  - An integer underflow condition exists in the     EVP_DecodeUpdate() function due to improper validation     of base64 encoded input when decoding. This allows a     remote attacker, using maliciously crafted base64 data,     to cause a segmentation fault or memory corruption,     resulting in a denial of service or possibly the     execution of arbitrary code. (CVE-2015-0292)

According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1g. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     could allow nonce disclosure via the 'FLUSH+RELOAD'     cache side-channel attack. (CVE-2014-0076)

  - An out-of-bounds read error, known as the 'Heartbleed     Bug', exists related to handling TLS heartbeat     extensions that could allow an attacker to obtain     sensitive information such as primary key material,     secondary key material and other protected content.
    (CVE-2014-0160)

The installed version of VMware Workstation 10.x is prior to 10.0.2.
It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     could allow nonce disclosure via the 'FLUSH+RELOAD'     cache side-channel attack. (CVE-2014-0076)

  - An out-of-bounds read error, known as the 'Heartbleed     Bug', exists related to handling TLS heartbeat     extensions that could allow an attacker to obtain     sensitive information such as primary key material,     secondary key material and other protected content.
    (CVE-2014-0160)

a. Information Disclosure vulnerability in OpenSSL third-party library

   The OpenSSL library is updated to version openssl-1.0.1g to    resolve multiple security issues.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has    assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.

   CVE-2014-0160 is known as the Heartbleed issue. More information    on this issue may be found in the reference section.

   To remediate the issue for products that have updated versions or    patches available, perform these steps: 

     * Deploy the VMware product update or product patches
     * Replace certificates per the product-specific documentation
     * Reset passwords per the product-specific documentation

   Section 4 lists product-specific references to installation    instructions and certificate management documentation.

The version of VMware Horizon Workspace installed on the remote host is version 1.8.x prior to 1.8.1. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library :

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     could allow nonce disclosure via the 'FLUSH+RELOAD'     cache side-channel attack. (CVE-2014-0076)

  - An out-of-bounds read error, known as the 'Heartbleed     Bug', exists related to handling TLS hearbeat     extensions that could allow an attacker to obtain     sensitive information such as primary key material,     secondary key material and other protected content.
    (CVE-2014-0160)

According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0m. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :

  - An error exists in the function 'ssl3_read_bytes'     that could allow data to be injected into other     sessions or allow denial of service attacks. Note     this issue is only exploitable if     'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     could allow nonce disclosure via the 'FLUSH+RELOAD'     cache side-channel attack. (CVE-2014-0076)

  - A buffer overflow error exists related to invalid DTLS     fragment handling that could lead to execution of     arbitrary code. Note this issue only affects OpenSSL     when used as a DTLS client or server. (CVE-2014-0195)

  - An error exists in the function 'do_ssl3_write' that     could allow a NULL pointer to be dereferenced leading     to denial of service attacks. Note this issue is     exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is     enabled. (CVE-2014-0198)

  - An error exists related to DTLS handshake handling that     could lead to denial of service attacks. Note this     issue only affects OpenSSL when used as a DTLS client.
    (CVE-2014-0221)

  - An unspecified error exists that could allow an     attacker to cause usage of weak keying material     leading to simplified man-in-the-middle attacks.
    (CVE-2014-0224)

  - An unspecified error exists related to anonymous ECDH     ciphersuites that could allow denial of service     attacks. Note this issue only affects OpenSSL TLS     clients. (CVE-2014-3470)

  - An integer underflow condition exists in the     EVP_DecodeUpdate() function due to improper validation     of base64 encoded input when decoding. This allows a     remote attacker, using maliciously crafted base64 data,     to cause a segmentation fault or memory corruption,     resulting in a denial of service or possibly the     execution of arbitrary code. (CVE-2015-0292)

The remote host is running a version of McAfee Web Gateway (MWG) that is affected by multiple vulnerabilities due to flaws in the OpenSSL library :

  - An error exists in the function 'ssl3_read_bytes'     that could allow data to be injected into other     sessions or allow denial of service attacks. Note     this issue is only exploitable if     'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     could allow nonce disclosure via the 'FLUSH+RELOAD'     cache side-channel attack. (CVE-2014-0076)

  - A buffer overflow error exists related to invalid DTLS     fragment handling that could lead to execution of     arbitrary code. Note this issue only affects OpenSSL     when used as a DTLS client or server. (CVE-2014-0195)

  - An error exists in the function 'do_ssl3_write' that     could allow a NULL pointer to be dereferenced leading     to denial of service attacks. Note this issue is     exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is     enabled. (CVE-2014-0198)

  - An error exists related to DTLS handshake handling that     could lead to denial of service attacks. Note this     issue only affects OpenSSL when used as a DTLS client.
    (CVE-2014-0221)

  - An unspecified error exists that could allow an     attacker to cause usage of weak keying material     leading to simplified man-in-the-middle attacks.
    (CVE-2014-0224)

  - An unspecified error exists related to anonymous ECDH     ciphersuites that could allow denial of service     attacks. Note this issue only affects OpenSSL TLS     clients. (CVE-2014-3470)

The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-004 applied. This update contains several security-related fixes for the following components :

  - CoreGraphics
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Libnotify
  - OpenSSL
  - QT Media Foundation

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X that is older than 10.9.5, and is thus missing security-related fixes for the following components:

  - Bluetooth
  - CoreGraphics
  - Foundation
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Intel Graphics Driver
  - Kernel
  - Libnotify
  - OpenSSL
  - QT Media Foundation
  - apache_mod_php
  - ruby

Note that successful exploitation of the most serious issues could result in arbitrary code execution.

OpenSSL versions 1.0.1 earlier than 1.0.1g contain the following vulnerabilities:

  - Out-of-bounds read flaw that can be triggered through TLS heartbeat extension packets to disclose up to 64kB of memory containing sensitive information, possibly including secret keys. (CVE-2014-0160)

  - Improperly implemented Elliptic Curve Digital Signature Algorithm (ECDSA) could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. 

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
74326	OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability	Nessus	Misc.	6/5/2014	6/12/2020	medium
77438	IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities	Nessus	Web Servers	8/29/2014	11/25/2019	medium
88991	Cisco NX-OS OpenSSL Multiple Vulnerabilities	Nessus	CISCO	2/26/2016	11/19/2019	high
73404	OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)	Nessus	Web Servers	4/8/2014	8/21/2023	high
73673	VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)	Nessus	General	4/21/2014	4/25/2023	high
73851	VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities	Nessus	VMware ESX Local Security Checks	5/3/2014	5/5/2022	high
73896	VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)	Nessus	Misc.	5/6/2014	4/25/2023	high
73403	OpenSSL 1.0.0 < 1.0.0m Multiple Vulnerabilities	Nessus	Web Servers	4/8/2014	8/21/2023	high
76146	McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)	Nessus	Misc.	6/19/2014	11/26/2019	medium
77749	Mac OS X Multiple Vulnerabilities (Security Update 2014-004)	Nessus	MacOS X Local Security Checks	9/18/2014	7/14/2018	critical
8394	Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)	Nessus Network Monitor	Web Clients	9/19/2014	3/6/2019	critical
8194	OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)	Nessus Network Monitor	Web Servers	4/8/2014	3/6/2019	medium
501797	Rockwell Automation Stratix ECDSA NONCE Side-Channel Recovery Attack (CVE-2014-0076)	Tenable OT Security	Tenable.ot	11/15/2023	1/17/2024	medium

Detections

Analytics

Plugins Search

medium

medium

high

high

high

high

high

high

medium

critical

critical

medium

medium