Lucene search

K
ibmIBM2FE4FAEC11A5A595193A03B9D60E81D9623A26BB5D27D6ACC64201D05E5AFAA9
HistoryFeb 23, 2022 - 7:48 p.m.

Security Bulletin: A vulnerability in GSKit affects IBM Security Network Intrusion Prevention System (CVE-2015-1788)

2022-02-2319:48:26
www.ibm.com
148

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.578 Medium

EPSS

Percentile

97.6%

Summary

A security vulnerability has been discovered in GSKit used with IBM Security Network Intrusion Prevention System.

Vulnerability Details

CVE ID: CVE-2015-1788

DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. IBM GSKit has the same vulnerability.

CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000

Firmware versions 4.6.2, and 4.6.1

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| 4.6.2.0-ISS-ProvG-AllModels-Hotfix-FP0012
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| 4.6.1.0-ISS-ProvG-AllModels-Hotfix-FP0013

Workarounds and Mitigations

None

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.578 Medium

EPSS

Percentile

97.6%