History: Dec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in OpenSSL (CVE-2019-1559)

2023-12-07 22:45:07
www.ibm.com

CVSS3: 5.9 Medium

Metric | Value
—|—
Attack Vector | NETWORK
Attack Complexity | HIGH
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | NONE
Availability Impact | NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium

Metric | Value
—|—
Access Vector | NETWORK
Access Complexity | MEDIUM
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | NONE
Availability Impact | NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.008 Low (Percentile: 81.3%)

Summary

IBM Flex System switch firmware products have addressed the following OpenSSL vulnerability.

Vulnerability Details

CVEID: CVE-2019-1559
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
—|—
IBM Flex System EN2092 1Gb Ethernet Scalable Switch | 7.8
IBM Flex System Fabric SI4093 GbFSIM 10Gb ScSw | 7.8
IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch | 7.8
IBM Flex System CN4093 10Gb Converged Scalable Switch | 7.8

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>

Product | Fix Version
—|—
IBM Flex System EN2092 1Gb Ethernet Scalable firmware (ibm_fw_scsw_en2092-7.8.25.0_anyos_noarch) | 7.8.25.0
IBM Flex System Fabric SI4093 System Interconnect Module firmware (ibm_fw_scsw_si4093-7.8.25.0_anyos_noarch) | 7.8.25.0
IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch firmware (ibm_fw_scsw_en4093r-7.8.25.0_anyos_noarch) | 7.8.25.0
IBM Flex System Fabric CN4093 10Gb ScSE firmware (ibm_fw_scsw_cn4093-7.8.25.0_anyos_noarch) | 7.8.25.0
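
As an added example (not IBM's code and not part of the original bulletin), this Python check classifies firmware package names from an inventory against the fix versions listed above. It assumes names follow the `ibm_fw_scsw_<model>-<version>_anyos_noarch` layout shown in the bulletin and that 7.8 builds numerically below 7.8.25.0 lack the fix; the sample inventory, its version numbers and the `xx0000` model token are constructed.

```python
import re

# Fix versions from the bulletin's Remediation/Fixes table, keyed by the
# model token in the firmware package name.
FIXED = {
    "en2092": (7, 8, 25, 0),
    "si4093": (7, 8, 25, 0),
    "en4093r": (7, 8, 25, 0),
    "cn4093": (7, 8, 25, 0),
}
AFFECTED_BRANCH = (7, 8)  # the bulletin lists version 7.8 as affected

# Layout taken from the bulletin: ibm_fw_scsw_<model>-<version>_anyos_noarch
PKG_RE = re.compile(r"^ibm_fw_scsw_([a-z0-9]+)-(\d+(?:\.\d+)*)_anyos_noarch$")

# Constructed sample inventory (not real device data); xx0000 is hypothetical.
SAMPLE = [
    "ibm_fw_scsw_en2092-7.8.25.0_anyos_noarch",
    "ibm_fw_scsw_cn4093-7.8.19.0_anyos_noarch",
    "ibm_fw_scsw_si4093-7.8.9.0_anyos_noarch",
    "ibm_fw_scsw_en4093r-7.7.5.0_anyos_noarch",
    "ibm_fw_scsw_xx0000-7.8.1.0_anyos_noarch",
    "firmware.bin",
]


def assess(package_name):
    """Classify one firmware package name against the bulletin."""
    m = PKG_RE.match(package_name.strip().lower())
    if not m:
        return "unparsed"
    model = m.group(1)
    version = tuple(int(p) for p in m.group(2).split("."))
    if model not in FIXED:
        return "not-listed"
    if version[:2] != AFFECTED_BRANCH:
        return "out-of-scope"  # other branches are not covered by this bulletin
    # Compare numerically: as strings, "7.8.9.0" would sort above "7.8.25.0".
    # Assumption: a short version such as 7.8.25 means 7.8.25.0.
    version += (0,) * (4 - len(version))
    return "fixed" if version >= FIXED[model] else "needs-update"


if __name__ == "__main__":
    for pkg in SAMPLE:
        print(f"{assess(pkg):13} {pkg}")
```
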

Workarounds and Mitigations

None
