3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.5%
OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability.
# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
CPE = "cpe:/a:openssl:openssl";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.145406");
script_version("2021-08-30T10:29:27+0000");
script_tag(name:"last_modification", value:"2021-08-30 10:29:27 +0000 (Mon, 30 Aug 2021)");
script_tag(name:"creation_date", value:"2021-02-17 06:08:42 +0000 (Wed, 17 Feb 2021)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-07-20 23:15:00 +0000 (Tue, 20 Jul 2021)");
script_cve_id("CVE-2021-23839");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("OpenSSL: Incorrect SSLv2 rollback protection (CVE-2021-23839) - Windows");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
script_family("Denial of Service");
script_dependencies("gb_openssl_consolidation.nasl", "os_detection.nasl");
script_mandatory_keys("openssl/detected", "Host/runs_windows");
script_tag(name:"summary", value:"OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with
a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made
for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions
greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2
is supposed to reject connection attempts from a client where this special form of padding is present,
because this indicates that a version rollback has occurred (i.e. both client and server support greater
than SSLv2, and yet this is the version that is being requested).
The implementation of this padding check inverted the logic so that the connection attempt is accepted if
the padding is present, and rejected if it is absent. This means that such as server will accept a connection
if a version rollback attack has occurred. Further the server will erroneously reject a connection if a
normal SSLv2 connection attempt is made.");
script_tag(name:"affected", value:"OpenSSL versions 1.0.2s - 1.0.2x.");
script_tag(name:"solution", value:"Update to version 1.0.2y, 1.1.1j or later. See the references for
more details.");
script_xref(name:"URL", value:"https://www.openssl.org/news/secadv/20210216.txt");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_in_range(version: version, test_version: "1.0.2s", test_version2: "1.0.2x")) {
report = report_fixed_ver(installed_version: version, fixed_version: "1.0.2y / 1.1.1j", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.5%