Lucene search

K
ibmIBM79D43D17D2A976B2C3047912D4E3D7E3AD0E022693AF7355F8D1FB356A1EBD7E
HistoryFeb 23, 2022 - 7:48 p.m.

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by a vulnerability in OpenSSL (CVE-2016-2183)

2022-02-2319:48:26
www.ibm.com
32

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.9%

Summary

IBM Security Network Intrusion Prevention Systems has addressed the following vulnerability in OpenSSL. The vulnerability is known as the SWEET32 Birthday attack (CVE-2016-2183).

Vulnerability Details

CVEID: CVE-2016-2183**
DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Network Intrusion Prevention System 4.6.2

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| Download the fix from IBM Fix Central and install it via IBM Security Network Intrusion Prevention System Local Management Interface.
4.6.2.0-ISS-ProvG-AllModels-System-FP0018

Workarounds and Mitigations

None

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.9%

Related for 79D43D17D2A976B2C3047912D4E3D7E3AD0E022693AF7355F8D1FB356A1EBD7E