IBMBC78E2C1A9E67DDCC02AD4BAE574507A51CE44045E494689D4B31E533A40E929Security Bulletin: A vulnerability in the GSKit component of IBM Security Network Intrusion Prevention System (CVE-2016-0201)
EPSS
Percentile
68.2%
Summary
A vulnerability has been addressed in the GSKit component of IBM Security Network Intrusion Prevention System.
Vulnerability Details
CVEID: CVE-2016-0201**
DESCRIPTION:** IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2, and 4.6.1.
Remediation/Fixes
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| 4.6.2.0-ISS-ProvG-AllModels-Hotfix-FP0016
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| 4.6.1.0-ISS-ProvG-AllModels-Hotfix-FP0015
Workarounds and Mitigations
None
Related
EPSS
Percentile
68.2%