Lucene search

K
ibmIBM4BD0A578AC85BE4A404D10EC419136C4CE32988E7B285336E8F81B41BC84892B
HistoryJan 07, 2020 - 10:14 p.m.

Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches.

2020-01-0722:14:40
www.ibm.com
10

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

Public disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches.

Vulnerability Details

CVEID:CVE-2018-0737
**DESCRIPTION:**The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/141679 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
FOS 8.0
FOS 8.1
FOS 8.2

Remediation/Fixes

Product VRMF Fix
FOS 8.0 upgrade to FOS 8.1.2h or FOS 8.2.1c
FOS 8.1 8.1.2h <https://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577&gt;
FOS 8.2 8.2.1c <https://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
foseq8.0
foseq8.1
foseq8.2

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Related for 4BD0A578AC85BE4A404D10EC419136C4CE32988E7B285336E8F81B41BC84892B