Lucene search

K
f5F5F5:K17248
HistorySep 24, 2015 - 12:00 a.m.

K17248 : OpenSSL vulnerability CVE-2010-0742

2015-09-2400:00:00
my.f5.com
10

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.251 Low

EPSS

Percentile

96.2%

Security Advisory Description

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (CVE-2010-0742)

Impact

A locally authenticated user, with a role that allows advanced shell(bash) access, may be able to exploit OpenSSL to modify invalid memory locations or conduct double-free attacks, and execute arbitrary code. However, affected F5 products that contain the vulnerable software component do not use the components in a way that exposes this vulnerability. There are no remote access vectors for this issue, and there is no data plane exposure.

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.251 Low

EPSS

Percentile

96.2%