Lucene search

K
ibmIBME24545639D10A648BCB6D9F4AAE7525E072A1C6A4E5448AFD0E797BA58867591
HistoryJan 08, 2020 - 6:39 p.m.

Security Bulletin: Vulnerability in the Fabric OS used by IBM b-type SAN directors and switches.

2020-01-0818:39:04
www.ibm.com
9

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

Public disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches.

Vulnerability Details

CVEID:CVE-2018-0735
**DESCRIPTION:**The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152086 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
FOS 8.0
FOS 8.1
FOS 8.2

Remediation/Fixes

Product VRMF Fix
FOS 8.0 upgrade to FOS 8.1.2h or FOS 8.2.1c
FOS 8.1 8.1.2h <https://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577&gt;
FOS 8.2 8.2.1c <https://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
foseq8.0
foseq8.1
foseq8.2

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N