CVSS2: 5.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

CVSS2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.075 Low (Percentile: 94.0%)

A security vulnerability has been found that affects certain levels of TSSC code.

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Vendor | Vendor ID | Vendor Title | Included CVEs |
---|---|---|---|
RedHat | RHSA-2014:0246 | Important: gnutls security update | CVE-2014-0092 |

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. This vulnerability may allow for modification of files on the TSSC host from an unauthenticated user when accessing the TSSC remotely through the service web page.
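
The error-handling flaw described above, shown as an added C example next to a fail-closed version. This is not GnuTLS or TSSC source code: the `struct cert` model, the `ERR_PARSE` code and all function names are hypothetical and constructed for illustration.

```c
#include <stdio.h>

#define ERR_PARSE (-1)   /* hypothetical internal error code, not a GnuTLS constant */

struct cert {            /* constructed stand-in for a parsed certificate */
    int parse_ok;        /* 0 = a field the helper cannot process */
    int signature_ok;    /* 1 = issuer signature verifies */
};

/* Tri-state helper: 1 = valid, 0 = invalid, <0 = internal error (no verdict). */
static int check_signature(const struct cert *c)
{
    if (!c->parse_ok)
        return ERR_PARSE;
    return c->signature_ok ? 1 : 0;
}

/* Flawed pattern: documented as boolean, but the error code leaves through
 * the shared exit path, so the caller receives a non-zero value. */
int verify_flawed(const struct cert *c)
{
    int result = check_signature(c);
    if (result < 0)
        goto cleanup;    /* result is still negative here */
cleanup:
    return result;
}

/* Fail-closed pattern: every error is mapped to "not verified". */
int verify_hardened(const struct cert *c)
{
    int result = check_signature(c);
    if (result < 0)
        return 0;
    return result == 1;
}

/* Typical caller: treats any non-zero return as "certificate trusted". */
int accepted(int (*verify)(const struct cert *), const struct cert *c)
{
    return verify(c) ? 1 : 0;
}

int main(void)
{
    struct cert unparsable = { 0, 0 };   /* constructed sample input */
    printf("flawed accepts: %d\n", accepted(verify_flawed, &unparsable));
    printf("hardened accepts: %d\n", accepted(verify_hardened, &unparsable));
    return 0;
}
```

When reviewing code of this shape, check that every function returning a trust decision has a single documented "success" value and that callers compare against it explicitly instead of testing for non-zero.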

CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91486> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

TSSC 7.0-7.2
TSSC 7.3.15 contains GnuTLS 2.8.5-13, which has been patched to fix this vulnerability. Upgrade to 7.3.15 is recommended.
No known workarounds. TSSC should be updated to 7.3.15 to address this issue. No fixes are planned for 7.0-7.2.
CPE | Name | Operator | Version |
---|---|---|---|
ts2900 tape autoloader | eq | any |