OpenSSL Vulnerabilities Oct 2018 - Jul 2019

SUMMARY

Symantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL configuration and executable engine modules.

AFFECTED PRODUCTS

BCAAA

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2019-1552,
CVE-2019-1559 | 6.1 (only when Novell SSO realm is used) | A fix will not be provided. The vulnerable OpenSSL library is in the Novell SSO SDK and an updated Novell SSO SDK is no longer available. Please contact Novell for more information.

Content Analysis (CA)

CVE |Supported Version(s)|Remediation
CVE-2018-0735, CVE-2018-5407, CVE-2019-1559 | 2.3 | Upgrade to a later version with fixes.
2.4, 3.0 | Not available at this time
CVE-2018-0735, CVE-2018-5407 | 3.1 | Not vulnerable, fixed in 3.1.0.0.
CVE-2019-1559 | 3.1 | Not available at this time

Director

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2018-5407,
CVE-2019-1552 | 6.1 | Upgrade to a version of MC with the fixes.

Mail Threat Defense (MTD)

CVE |Supported Version(s)|Remediation
CVE-2018-0735, CVE-2018-5407,
CVE-2019-1559 | 1.1 | Upgrade to a version of CAS and SMG with the fixes.

Malware Analysis (MA)

CVE |Supported Version(s)|Remediation
CVE-2018-5407, CVE-2019-1559 | 4.2 | Upgrade to a version of Content Analysis with fixes.

Management Center (MC)

CVE |Supported Version(s)|Remediation
CVE-2019-1559 | 2.2 | Upgrade to a later version with fixes.
2.3 | Upgrade to 2.3.3.1.
2.4 and later | Not vulnerable, fixed

PacketShaper (PS)

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PacketShaper S-Series with fixes.

PacketShaper (PS) S-Series

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2018-0735,
CVE-2018-5407, CVE-2019-1559 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes.

PolicyCenter (PC)

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PolicyCenter S-Series with fixes.

PolicyCenter (PC) S-Series

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2018-0735,
CVE-2018-5407, CVE-2019-1559 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes.

Reporter

CVE |Supported Version(s)|Remediation
CVE-2019-1559 | 10.3, 10.4 | Upgrade to a later version with fixes.
10.5 | Not available at this time
10.6 | Not vulnerable, fixed in 10.6.1.1

Security Analytics (SA)

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2018-5407,
CVE-2019-1559 | 7.2, 7.3, 8.0 | Upgrade to later version with fixes.
8.1 | Not available at this time
CVE-2018-5407 | 8.2 | Upgrade to 8.2.4.
CVE-2018-0734, CVE-2019-1559 | 8.2 | Not vulnerable, fixed in 8.2.1

SSL Visibility (SSLV)

CVE |Supported Version(s)|Remediation
CVE-2019-1559 | 4.4 | Upgrade to later version with fixes.
4.5 and later | Not vulnerable, fixed in 4.5.1.1

Web Isolation (WI)

CVE |Supported Version(s)|Remediation
CVE-2018-0734, CVE-2018-0735,
CVE-2018-5407 | 1.12 | Upgrade to 1.12.13+250.
1.13 and later | Not vulnerable, fixed.

ADDITIONAL PRODUCT INFORMATION

The following products are not vulnerable:
AuthConnector
CDP for Salesforce
CDP for ServiceNow
CDP for Oracle CRM on Demand
CDP Communication Server
CDP Integration Server
General Auth Connector Login Application
ProxyAV
ProxyAV ConLog and ConLogXP
ProxySG
Symantec HSM Agent for the Luna SP
Unified Agent
WSS Agent
WSS Mobile Agent

The following products are under investigation:
Advanced Secure Gateway
CacheFlow
X-Series XOS

ISSUES

CVE-2018-0734

Severity / CVSSv3 | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) References| SecurityFocus: BID 105758 / NVD: CVE-2018-0734 Impact| Information disclosure Description | A timing side channel flaw in the DSA signature algorithm implementation allows an attacker to recover DSA private keys.

CVE-2018-0735

Severity / CVSSv3 | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) References| SecurityFocus: BID 105750 / NVD: CVE-2018-0735 Impact| Information disclosure Description | A timing side channel flaw in the ECDSA signature algorithm implementation allows an attacker to recover ECDSA private keys.

CVE-2018-5407

Severity / CVSSv3 | Medium / 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) References| SecurityFocus: BID 105897 / NVD: CVE-2018-5407 Impact| Information disclosure Description | A timing side channel flaw in ECC scalar multiplication, used in ECDSA and ECDH signatures, allows a local attacker to recover ECDSA or ECDH private keys.

CVE-2019-1543

Severity / CVSSv3 | High / 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) References| SecurityFocus: BID 107349 / NVD: CVE-2019-1543 Impact| Unspecified Description | An insufficient cryptographic parameter validation fault in the ChaCha20-Poly1305 cipher implementation allows an attacker to compromise data confidentiality and integrity through unspecified vectors.

CVE-2019-1552

Severity / CVSSv3 | Low / 3.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) References| SecurityFocus: BID 109443 / NVD: CVE-2019-1552 Impact| Unauthorized modification of configuration and executable code Description | A fault in configuration file specification allows a local attacker to insert malicious CA certificates and modify OpenSSL configuration and executable engine modules.

CVE-2019-1559

Severity / CVSSv3 | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) References| SecurityFocus: BID 107174 / NVD: CVE-2019-1559 Impact| Information disclosure Description | A padding oracle fault in the SSL library allows a remote attacker to decrypt data encrypted inside the SSL tunnel.

REFERENCES

OpenSSL Security Advisory [29 October 2018] - <https://www.openssl.org/news/secadv/20181029.txt&gt;
OpenSSL Security Advisory [30 October 2018] - <https://www.openssl.org/news/secadv/20181030.txt&gt;
OpenSSL Security Advisory [12 November 2018] - <https://www.openssl.org/news/secadv/20181112.txt&gt;
OpenSSL Security Advisory [26 February 2019] - <https://www.openssl.org/news/secadv/20190226.txt&gt;
OpenSSL Security Advisory [6 March 2019] - <https://www.openssl.org/news/secadv/20190306.txt&gt;
OpenSSL Security Advisory [30 July 2019] - <https://www.openssl.org/news/secadv/20190730.txt&gt;

REVISION

2021-09-20 A fix for CVE-2018-5407 in Security Analytics 8.2 is available in 8.2.4.
2021-09-14 It was previously reported that Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Reporter 10.5 is vulnerable. Reporter 10.6 is not vulnerable because a fix is available in 10.6.1.1.
2021-08-05 Content Analysis 3.1 is not vulnerable to CVE-2018-0735 because a fix is available in 3.1.0.0.
2021-08-02 Security Analytics 8.2 is not vulnerable to CVE-2018-0734 and CVE-2019-1559 because a fix is available in 8.2.1.
2021-07-20 A fix for SSLV 4.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-05-03 SSLV 4.4 is vulnerable to CVE-2019-1559. SSLV 4.5 is not vulnerable because a fix is available in 4.5.1.1.
2021-04-28 Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1.
2021-02-18 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-11-12 Content Analysis 3.1 is vulnerable to CVE-2018-0735 and CVE-2019-1559. Content Analysis 3.1 is not vulnerable to CVE-2018-5407 because a fix is available in 3.1.0.0.
2020-04-05 Content Analysis 3.0 is vulnerable to CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. Reporter 10.5 is vulnerable to CVE-2019-1559. Fixes will not be provided for Management Center 2.2 and Reporter 10.3. Please upgrade to a later version with the vulnerability fixes. Security Analytics 8.1 is vulnerable to CVE-2018-0734, CVE-2018-5407, and CVE-2019-1559.
2020-04-04 PacketShaper S-Series and PolicyCenter S-Series are vulnerable to CVE-2018-0734, CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes.
2020-01-26 MC 2.4 is not vulnerable because a fix is available in 2.4.1.1.
2020-01-19 A fix for Malware Analysis will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes.
2019-10-10 A fix for PacketShaper 9.2 will not be provided. Please upgrade to a version of PacketShaper S-Series with the vulnerability fixes. A fix for PolicyCenter 9.2 will not be provided. Please upgrade to a version of PolicyCenter S-Series with the vulnerability fixes.
2019-10-07 WI 1.13 is not vulnerable.
2019-10-04 A fix for MC 2.3 is available in 2.3.3.1.
2019-09-09 Added SecurityFocus BID for CVE-2019-1552.
2019-09-05 initial public release