History: Jul 02, 2021 - 6:10 p.m.

Advisory ROSA-SA-2021-1978

2021-07-02 18:10:58
ROSA LAB
abf.rosalinux.ru
6

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.3 High
Confidence: High

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.003 Low
Percentile: 71.2%

Software: stunnel 4.56
OS: Cobalt 7.9

CVE-ID: CVE-2014-0016
CVE-Crit: MEDIUM
CVE-DESC: stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2021-20230
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in stunnel before 5.57 where it incorrectly verifies client certificates when configured to use both the redirect and verifyChain parameters. This flaw allows an attacker with a certificate signed by a certificate authority that is not the one accepted by the stunnel server to access a tunneled service instead of being redirected to the address specified in the redirect parameter. The biggest threat from this vulnerability is to confidentiality.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version  Filename
Cobalt  any      noarch        stunnel  < 4.56   UNKNOWN
