Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM648193A29F6897B7A416664FCB61B86F7E57467EB9FDE765D91DD422ACE0A8A7
HistoryJan 31, 2019 - 2:40 a.m.

Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185)

2019-01-3102:40:01
www.ibm.com
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

IBM Chassis Management Module (CMM) has addressed the following vulnerability in strongSwan.

Vulnerability Details

Summary

IBM Chassis Management Module (CMM) has addressed the following vulnerability in strongSwan.

Vulnerability Details

CVEID: CVE-2017-11185

Description: strongSwan is vulnerable to a denial of service, caused by a NULL pointer dereference in gmp plugin. By using a specially-crafted RSA signature, a remote attacker could exploit this vulnerability to cause the daemon to crash.

CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130836&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Product Version
IBM Chassis Management Module (CMM) 2PET

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Product Fixed Version
IBM Chassis Management Module (CMM)
(ibm_fw_cmm_2pet16b-2.5.11b_anyos_noarch) 2PET16B - 2.5.11b

Workarounds and Mitigations

None.

References

Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None.

Change History
16 March, 2018: Original Version Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

nessus 8
osv 3
redhatcve 1
ubuntu 1
debiancve 1
checkpoint_advisories 1
openvas 6
veracode 1
archlinux 1
prion 1
ibm 1
cve 1
alpinelinux 1
debian 2
ubuntucve 1
photon 1
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : strongSwan vulnerability (USN-3397-1)
2017-08-22 00:00:00
Photon OS 1.0: Strongswan PHSA-2017-0040
2019-02-07 00:00:00
Debian DLA-1059-1 : strongswan security update
2017-08-21 00:00:00
osv
osv
strongswan - security update
2017-09-03 00:00:00
strongswan - security update
2017-08-18 00:00:00
CVE-2017-11185
2017-08-18 17:29:01
redhatcve
redhatcve
CVE-2017-11185
2017-08-22 13:19:58
ubuntu
ubuntu
strongSwan vulnerability
2017-08-21 00:00:00
debiancve
debiancve
CVE-2017-11185
2017-08-18 17:29:00
checkpoint_advisories
checkpoint_advisories
strongSwan gmp Plugin Denial of Service (CVE-2017-11185)
2017-09-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3962-1)
2017-09-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2293-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-3397-1)
2018-10-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:26:17
archlinux
archlinux
[ASA-201708-13] strongswan: denial of service
2017-08-14 00:00:00
prion
prion
Null pointer dereference
2017-08-18 17:29:00
ibm
ibm
Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2017-11185)
2018-06-18 01:39:51
cve
cve
CVE-2017-11185
2017-08-18 17:29:00
alpinelinux
alpinelinux
CVE-2017-11185
2017-08-18 17:29:00
debian
debian
[SECURITY] [DLA 1059-1] strongswan security update
2017-08-18 14:54:34
[SECURITY] [DSA 3962-1] strongswan security update
2017-09-03 13:23:01
ubuntucve
ubuntucve
CVE-2017-11185
2017-08-18 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0080
2017-10-24 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON
Related for 648193A29F6897B7A416664FCB61B86F7E57467EB9FDE765D91DD422ACE0A8A7
nessus8osv3redhatcve1ubuntu1debiancve1checkpoint_advisories1openvas6veracode1archlinux1prion1ibm1cve1alpinelinux1debian2ubuntucve1photon1