5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
An OpenSSL vulnerability was found in IBM Security Network Active Bypass. IBM Security Network Active Bypass has addressed the applicable CVE.
CVEID: CVE-2016-7055**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118748 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM Security 1G Network Active Bypass firmware version 1.X firmware levels 1.0.849 through 3.30.7-23
IBM Security 10G Network Active Bypass firmware versions 1.x firmware levels 1.0.1876 through 3.30.7-23
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Proventia Network Active Bypass| 3.X | Proventia 1G NAB Update 22 (fw 3.30.9-27) IBM Security Proventia Network Active Bypass| 3.X| Proventia 10G NAB Update 19 (fw 3.30.9-27)
For IBM Security Proventia Network Active Bypass products at the following firmware versions:
IBM recommends upgrading to 3.30.9-27, the supported firmware release of the product.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security network active bypass | eq | 3.0 |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P