4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects some versions of DS8000.
CVEID: CVE-2015-0138
DESCRIPTION: A vulnerability in SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. A client implementation could accept the use of an RSA temporary key in a non-export RSA key uexchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.
This vulnerability is also known as the FREAK attack.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
DS8870 prior to R7.2
DS8800/DS8700 prior to SP9 ( 86.31.142.0 / 76.31.121.0 respectively) which have not applied ISO CD patch named RemoveWeakCertificatesv1.0 or RemoveWeakCertificatesV1.1
DS8100/DS8300 even if they have applied the above patch.
As noted DS8870 at R7.2 and above ( 87.21.5.0 or above) and above and DS8800/DS8700 at SP9 ( 86.31.142.0 / 76.31.121.0 or above) are not impacted.
DS8700/DS8800/DS8870 customers should upgrade to a version which is not impacted or apply the patch noted below.
DS8100/DS8300 customers should apply the patch noted below.
Patch Release
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
DS8870 prior to R7.2 | N/A | CVE_WEAK_CIPHER_PATCH_v1.0 | 03/23/2015 |
DS8800 prior to 6.3 SP 9 | N/A | CVE_WEAK_CIPHER_PATCH_v1.0 | 03/23/2015 |
DS8700 prior to 6.3 SP 9 | N/A | CVE_WEAK_CIPHER_PATCH_v1.0 | 03/23/2015 |
DS8100/DS8300 | N/A | CVE_WEAK_CIPHER_PATCH_v1.0 | 03/23/2015 |
CPE | Name | Operator | Version |
---|---|---|---|
disk systems->ds8870 | eq | any | |
ibm ds8800 | eq | any | |
disk systems->ds8700 | eq | any |