IBMC7A2A0C98C5CFA870E393164D235F4293DC0618E0C7F953FFBA7057CA3192BA7Security Bulletin: PowerSC is vulnerable to security restrictions bypass due to Curl (CVE-2023-46218, CVE-2023-46219, CVE-2024-0853)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
31.0%
Summary
Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions (CVE-2023-46218, CVE-2023-46219, CVE-2024-0853). PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC).
Vulnerability Details
CVEID:CVE-2023-46218
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a mixed case flaw when curl is built without PSL support. By sending a specially crafted request, an attacker could exploit this vulnerability to allow a HTTP server to set “super cookies” in curl.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2023-46219
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when saving HSTS data to an excessively long file name. By sending a specially crafted request, an attacker could exploit this vulnerability to use files that unaware of the HSTS status.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273321 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2024-0853
**DESCRIPTION:**cURL libcurl could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with keeping the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass OCSP verification.
CVSS Base score: 3.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281082 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| PowerSC | 1.3, 2.0, 2.1 |
The vulnerabilities in the following filesets are being addressed:
| Fileset | Lower Level | Upper Level |
|---|---|---|
| powerscStd.tnc_pm | 1.3.0.4 | 2.1.0.6 |
| curl-8.5.0-1.aix7.1.ppc.rpm | 7.19.4 | 8.5.0 |
Note: To find out whether the affected PowerSC filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide. To find out whether the affected curl filesets are installed on your systems, refer to the rpm command found in AIX user’s guide.
Example: lslpp -l | grep powerscStd
Example: rpm -qa | grep curl
Remediation/Fixes
FIXES
IBM strongly recommends addressing the vulnerability now.
Fixes are available.
The fixes can be downloaded via yum:
To install any dependencies along with the fix package:
yum update curl
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| powersc standard edition | eq | 2.1 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
31.0%